PT-2005-3809 · Xine · Xine-Lib
Ulf Harnhammar
·
Publicado
2005-10-14
·
Atualizado
2017-07-11
·
CVE-2005-2967
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
xine-lib versions 1-beta through 1-beta 3
xine-lib versions 1-rc
xine-lib versions 1.0 through 1.0.2
xine-lib version 1.1.1
Description
The issue allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. This occurs due to a format string vulnerability in the input cdda.c file.
Recommendations
For xine-lib versions 1-beta through 1-beta 3, update to a version outside of this range to resolve the issue.
For xine-lib version 1-rc, update to a version outside of this range to resolve the issue.
For xine-lib versions 1.0 through 1.0.2, update to a version outside of this range to resolve the issue.
For xine-lib version 1.1.1, update to a version outside of this range to resolve the issue.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Xine-Lib