FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxine -- format string vulnerability

Affected packages
libxine < 1.1.0_1


VuXML ID 3bc5691e-38dd-11da-92f5-020039488e34
Discovery 2005-10-08
Entry 2005-10-09

Gentoo Linux Security Advisory reports:

Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents.

An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code.


CVE Name CVE-2005-2967