CVE-2005-2967

Published: Oct 14, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

Affected (5)

Products: Xine: Xine Lib

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Xine Xine Lib	Version 0.9.13
Xine Xine Lib	Version 1.0.1
Xine Xine Lib	Version 1.0.2
Xine Xine Lib	Version 1.0
Xine Xine Lib	Version 1.1.0

References (36)

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html

Source: security@debian.org

http://secunia.com/advisories/17097

Source: security@debian.org

http://secunia.com/advisories/17099/

Source: security@debian.org

PatchVendor Advisory

http://secunia.com/advisories/17111

Source: security@debian.org

http://secunia.com/advisories/17132

Source: security@debian.org

http://secunia.com/advisories/17162

Source: security@debian.org

http://secunia.com/advisories/17179

Source: security@debian.org

http://secunia.com/advisories/17282

Source: security@debian.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454

Source: security@debian.org

http://www.debian.org/security/2005/dsa-863

Source: security@debian.org

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml

Source: security@debian.org

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:180

Source: security@debian.org

http://www.novell.com/linux/security/advisories/2005_24_sr.html

Source: security@debian.org

http://www.osvdb.org/19892

Source: security@debian.org

http://www.securityfocus.com/bid/15044

Source: security@debian.org

ExploitPatch

http://www.ubuntu.com/usn/usn-196-1

Source: security@debian.org

http://xinehq.de/index.php/security/XSA-2005-1

Source: security@debian.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22545

Source: security@debian.org

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17097

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17099/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/17111

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17132

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17162

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17179

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/17282

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2005/dsa-863

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:180

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2005_24_sr.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/19892

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15044

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.ubuntu.com/usn/usn-196-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://xinehq.de/index.php/security/XSA-2005-1

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22545

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.