7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
Format string vulnerability in input_cdda.c in xine-lib 1-beta through
1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to
execute arbitrary code via format string specifiers in metadata in CDDB
server responses when the victim plays a CD.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 6.10 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-extracodecs | < 1.1.1+ubuntu1-2 | UNKNOWN |
ubuntu | 6.06 | noarch | xine-lib | < 1.1.1+ubuntu2-7.7 | UNKNOWN |
ubuntu | 6.10 | noarch | xine-lib | < 1.1.2+repacked1-0ubuntu3.4 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-lib | < 1.1.4-2ubuntu3 | UNKNOWN |