xine 0.99.3 - Remote Code Execution via Format String in Playlist EXTINFO Filename
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.