CVE-2006-1905

2006-04-2010:02:00

Debian Security Bug Tracker

security-tracker.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.33 Low

EPSS

Percentile

97.0%

JSON

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.

OSVersionArchitecturePackageVersionFilename
Debian12allxine-ui< 0.99.4-1xine-ui_0.99.4-1_all.deb
Debian11allxine-ui< 0.99.4-1xine-ui_0.99.4-1_all.deb
Debian10allxine-ui< 0.99.4-1xine-ui_0.99.4-1_all.deb
Debian999allxine-ui< 0.99.4-1xine-ui_0.99.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xine-ui	< 0.99.4-1	xine-ui_0.99.4-1_all.deb
Debian	11	all	xine-ui	< 0.99.4-1	xine-ui_0.99.4-1_all.deb
Debian	10	all	xine-ui	< 0.99.4-1	xine-ui_0.99.4-1_all.deb
Debian	999	all	xine-ui	< 0.99.4-1	xine-ui_0.99.4-1_all.deb