FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xine -- multiple remote string vulnerabilities

Affected packages
xine < 0.99.4_4

Details

VuXML ID 8d4ae57d-d2ab-11da-a672-000e0c2e438a
Discovery 2006-04-18
Entry 2006-04-23

c0ntexb reports:

There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.

References

Bugtraq ID 17579
CVE Name CVE-2006-1905
URL http://www.open-security.org/advisories/16