CVE-2005-2967

xine-lib <1.1.1 - RCE

Title source: llm

Description

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ulf Harnhammar · perlremotelinux

https://www.exploit-db.com/exploits/1242

View Code ZIP pw:eip

References (18)

[Exploit, Patch] http://www.securityfocus.com/bid/15044

[Third Party Advisory] http://secunia.com/advisories/17097

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454

[Third Party Advisory] http://secunia.com/advisories/17132

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:180

[Third Party Advisory] http://secunia.com/advisories/17282

[Third Party Advisory, VDB Entry] http://www.osvdb.org/19892

[Patch, Vendor Advisory] http://xinehq.de/index.php/security/XSA-2005-1

[Patch, Vendor Advisory] http://www.debian.org/security/2005/dsa-863

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2005_24_sr.html

[Third Party Advisory] http://secunia.com/advisories/17111

[Vendor Advisory] http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml

[Vendor Advisory] http://www.ubuntu.com/usn/usn-196-1

[Third Party Advisory] http://secunia.com/advisories/17179

[Third Party Advisory] http://secunia.com/advisories/17162

[Patch, Vendor Advisory] http://secunia.com/advisories/17099/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22545

Scores

EPSS 0.0944

EPSS Percentile 92.8%

Details

Status published

Products (5)

xine/xine-lib 0.9.13

xine/xine-lib 1.0

xine/xine-lib 1.0.1

xine/xine-lib 1.0.2

xine/xine-lib 1.1.0

Published Oct 14, 2005

Tracked Since Feb 18, 2026