CVE-2005-2967

xine-lib 1-beta-1.0.2 and 1.1.1 - Remote Code Execution via CDDB Metadata Format String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2967. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary This exploit sets up a malicious CDDB server to trigger a format string vulnerability in xine-lib when processing metadata for an Audio CD. The vulnerability allows arbitrary memory writes, potentially leading to remote code execution with the privileges of the user running the application.

Description

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ulf Harnhammar · perlremotelinux

https://www.exploit-db.com/exploits/1242

View Code ZIP pw:eip

This exploit sets up a malicious CDDB server to trigger a format string vulnerability in xine-lib when processing metadata for an Audio CD. The vulnerability allows arbitrary memory writes, potentially leading to remote code execution with the privileges of the user running the application.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: xine-lib (versions affected by CVE-2005-2967)

No auth needed

Prerequisites: Victim must play an Audio CD or visit a malicious website embedding a xine Audio CD MRL · Attacker must control or modify a CDDB server response

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15044

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17097

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17132

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2005:180

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17282

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/19892

Patch, Vendor Advisory x_refsource_confirm

http://xinehq.de/index.php/security/XSA-2005-1

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-863

Third Party Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2005_24_sr.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17111

Vendor Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-196-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17179

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17162

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17099/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/22545

Scores

EPSS 0.0968

EPSS Percentile 94.9%

Details

Status published

Products (5)

xine/xine-lib 0.9.13

xine/xine-lib 1.0

xine/xine-lib 1.0.1

xine/xine-lib 1.0.2

xine/xine-lib 1.1.0

Published Oct 14, 2005

Tracked Since Feb 18, 2026