PT-2005-3809 · Xine · Xine-Lib

Ulf Harnhammar

Published

2005-10-14

Updated

2017-07-11

CVE-2005-2967

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions xine-lib versions 1-beta through 1-beta 3 xine-lib versions 1-rc xine-lib versions 1.0 through 1.0.2 xine-lib version 1.1.1

Description The issue allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. This occurs due to a format string vulnerability in the input cdda.c file.

Recommendations For xine-lib versions 1-beta through 1-beta 3, update to a version outside of this range to resolve the issue. For xine-lib version 1-rc, update to a version outside of this range to resolve the issue. For xine-lib versions 1.0 through 1.0.2, update to a version outside of this range to resolve the issue. For xine-lib version 1.1.1, update to a version outside of this range to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2967

DSA-863-1

Affected Products

Xine-Lib

PT-2005-3809 · Xine · Xine-Lib

CVE-2005-2967

Related Identifiers

Affected Products

References · 20