PT-2006-2889 · Xine · Xine
Ludwig Nussel
·
Published
2006-04-20
·
Updated
2018-10-18
·
CVE-2006-1905
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
xine version 0.99.3
Description
The issue concerns multiple format string vulnerabilities that allow remote attackers to execute arbitrary code. This is achieved by using format string specifiers in a long filename on an EXTINFO line in a playlist file.
Recommendations
For xine version 0.99.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Xine