Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2230

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2230
Last Modified 05 Sep 2008 05:04:00
Published 05 May 2006 03:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2230

Summary

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.

Vulnerable Systems

Application

  • Xine 0.99.4


References

BID - 17769

BUGTRAQ - 20060429 XINE format string bugs when handling non existen file

DEBIAN - DSA-1093

XF - xine-mainc-format-string(26216)


Last Updated: 27 May 2016 10:42:23