xine -- multiple remote string vulnerabilities

2006-04-18T00:00:00
ID 8D4AE57D-D2AB-11DA-A672-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2006-04-18T00:00:00

Description

c0ntexb reports:

There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedded in a remote playlist, it is possible to trigger this bug.