CVE-2007-0255

2007-01-1600:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.078 Low

EPSS

Percentile

94.1%

JSON

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
certain M3U file that contains a long #EXTINF line and contains format
string specifiers in an invalid udp:// URI, possibly a variant of
CVE-2007-0017.

Notes

Author	Note
sbeattie	issue is unlisted on xine upstream website

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchxine-ui< anyUNKNOWN
ubuntu20.04noarchxine-ui< anyUNKNOWN
ubuntu22.04noarchxine-ui< anyUNKNOWN
ubuntu23.10noarchxine-ui< anyUNKNOWN
ubuntu16.04noarchxine-ui< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	xine-ui	< any	UNKNOWN
ubuntu	20.04	noarch	xine-ui	< any	UNKNOWN
ubuntu	22.04	noarch	xine-ui	< any	UNKNOWN
ubuntu	23.10	noarch	xine-ui	< any	UNKNOWN
ubuntu	16.04	noarch	xine-ui	< any	UNKNOWN