CVE-2007-0255

Name of the Vulnerable Software and Affected Versions XINE version 0.99.4

Description The issue allows user-assisted remote attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code. This can be achieved through a specially crafted M3U file containing a long #EXTINF line with format string specifiers in an invalid udp:// URI.

Recommendations For XINE version 0.99.4, consider avoiding the use of M3U files from untrusted sources until a patch is available. As a temporary workaround, restrict the handling of #EXTINF lines and udp:// URIs to minimize the risk of exploitation.