Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-1905

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

Related bugs and status

CVE-2006-1905 (Candidate) is related to these bugs:

Bug #41781: Missing format string, possibly exploitable

Summary				In	Importance	Status
	41781	Missing format string, possibly exploitable		xine-ui (Ubuntu)	Critical	Fix Released
	41781	Missing format string, possibly exploitable		xine-ui (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 17579
CONFIRM: http://sourceforge.net...
MISC: http://open-security.o...
GENTOO: GLSA-200604-15
SECTRACK: 1015959
SECUNIA: 19671
SECUNIA: 19854
OSVDB: 24747
MANDRIVA: MDKSA-2006:085
SECUNIA: 20066
SUSE: SUSE-SA:2006:025
VUPEN: ADV-2006-1432
XF: xine-playlist-format-s...
BUGTRAQ: 20060418 Remote Xine F...