7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.091 Low
EPSS
Percentile
94.6%
gxine is a GTK+ and xine-lib based media player.
Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function.
A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All gxine users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose media-video/gxine
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-video/gxine | < 0.4.4 | UNKNOWN |