The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination. xine-lib versions 1.1.14 and below are affected.
6ca037f9e8d51e3f07cc53661d3f13706366e6df2b215a8e1e7ad67c75a07c41
The Poppler PDF rendering library versions 0.8.4 and below suffers from a memory management bug which can allows for arbitrary code execution.
0f357fc416cd3be3d0207302a38ee42eb9121ef982844b3425f2e54b4376193c
The reference speex decoder from the Speex library performs insufficient boundary checks on a header structure read from user input, this has been reported in oCERT-2008-002 advisory. Further investigation showed that several packages include similar code and are therefore vulnerable.
92ed6546867cd33c0088b7bc15e55f53e67e063a9ac84ec56cc42ae501ff00f3
Applications using libpng that install unknown chunk handlers, or copy unknown chunks, may be vulnerable to a security issue which may result in incorrect output, information leaks, crashes, or arbitrary code execution. The libpng project indicates libpng-1.0.6 through 1.0.32, libpng-1.2.0 through 1.2.26, and libpng-1.4.0beta01 through libpng-1.4.0beta19 built with PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or PNG_READ_USER_CHUNKS_SUPPORTED (default configuration) are affected.
d9f18b2e078424f7549cd605507ce814b470dc6ff811315a92fb7070cf843236