Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2967

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2967
Last Modified 05 Sep 2008 04:53:06
Published 14 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2967

Summary

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

Vulnerable Systems

Application

  • Xine-lib 0.9.13

  • Xine-lib 1.0

  • Xine-lib 1.0.1

  • Xine-lib 1.0.2

  • Xine-lib 1.1.0


References

CONFIRM - http://xinehq.de/index.php/security/XSA-2005-1

BID - 15044

DEBIAN - DSA-863

SECUNIA - 17099

XF - xinelib-inputcdda-format-string(22545)

GENTOO - GLSA-200510-08

UBUNTU - USN-196-1

OSVDB - 19892

SUSE - SUSE-SR:2005:024

MANDRIVA - MDKSA-2005:180

SLACKWARE - SSA:2005-283-01

SECUNIA - 17282

SECUNIA - 17179

SECUNIA - 17162

SECUNIA - 17132

SECUNIA - 17111

SECUNIA - 17097

FULLDISC - 20051008 xine/gxine CD Player Remote Format String Bug


Last Updated: 27 May 2016 10:40:42