libxine -- format string vulnerability

ID 3BC5691E-38DD-11DA-92F5-020039488E34
Type freebsd
Reporter FreeBSD
Modified 2005-10-08T00:00:00


Gentoo Linux Security Advisory reports:

Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server (or impersonate a public CDDB server). When the victim plays this CD on a multimedia frontend relying on xine-lib, it could end up executing arbitrary code.