CVE-2006-2802

xine-lib 1.1.1 - Denial of Service via HTTP Plugin Long Reply

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2802. PoCs published by Federico L. Bossi Bonin.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in gxine's HTTP plugin by sending a large number of 'A' characters (9500 bytes) to a listening socket, causing a crash and potential remote code execution. The PoC sets up a server on port 81 and waits for connections to trigger the overflow.

Description

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Federico L. Bossi Bonin · cdoslinux

https://www.exploit-db.com/exploits/1852

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in gxine's HTTP plugin by sending a large number of 'A' characters (9500 bytes) to a listening socket, causing a crash and potential remote code execution. The PoC sets up a server on port 81 and waits for connections to trigger the overflow.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: gxine 0.5.6

No auth needed

Prerequisites: Network access to the target · Target running gxine 0.5.6 with the HTTP plugin

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1105

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/25936

Exploit, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20369

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20942

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20766

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200609-08.xml

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18187

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20549

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26972

Various Sources vendor-advisory x_refsource_suse

http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/295-1/

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20828

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/1852

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2006:108

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21919

Scores

EPSS 0.1089

EPSS Percentile 95.3%

Details

Status published

Products (5)

xine/gxine 0.5.6

xine/xine-lib 1.0.1

xine/xine-lib 1.0.2

xine/xine-lib 1.1.0

xine/xine-lib 1.1.1

Published Jun 03, 2006

Tracked Since Feb 18, 2026