Gentoo FoundationGLSA-200604-15xine-ui: Format string vulnerabilities
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.33 Low
EPSS
Percentile
97.0%
Background
xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats.
Description
Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing.
Impact
By constructing a malicious playlist file, a remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
Resolution
All xine-ui users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/xine-ui-0.99.4-r5"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-video/xine-ui | < 0.99.4-r5 | UNKNOWN |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.33 Low
EPSS
Percentile
97.0%