彙總 divx 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 緩衝區溢位與跨站腳本 相關,可能在 軟體部署與生產負載 場景中帶來 應用程式崩潰與記憶體損壞 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2014-10024 | Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. | [email protected] | 7.5 | 2.96% | 2015-01-13 | 2026-06-16 |
| CVE-2010-5232 | Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 6.9 | 0.40% | 2012-09-07 | 2026-06-16 |
| CVE-2010-5231 | Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via a Trojan horse VersionCheckDLL.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 6.9 | 0.40% | 2012-09-07 | 2026-06-16 |
| CVE-2008-5259 | Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow. | [email protected] | 9.3 | 5.72% | 2009-04-16 | 2026-06-16 |
| CVE-2008-1912 | Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file. | [email protected] | 9.3 | 11.73% | 2008-04-22 | 2026-06-16 |
| CVE-2008-1800 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 1.19% | 2008-04-15 | 2026-06-16 |
| CVE-2008-0090 | A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. | [email protected] | 5.0 | 22.53% | 2008-01-03 | 2026-06-16 |
| CVE-2007-1294 | A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. | [email protected] | 7.8 | 3.06% | 2007-03-06 | 2026-06-16 |
| CVE-2007-0429 | DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. | [email protected] | 5.0 | 2.77% | 2007-01-22 | 2026-06-16 |
| CVE-2006-6444 | Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 6.8 | 2.51% | 2006-12-10 | 2026-06-16 |
| CVE-2005-0304 | Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | [email protected] | 5.0 | 1.77% | 2005-05-02 | 2026-06-16 |