The KDE team reports:
Kaffeine can produce a buffer overflow in http_peek() while
creating HTTP request headers for fetching remote playlists,
which under certain circumstances could be used to crash the
application and/or execute arbitrary code.