Vulnerabilities > CVE-2006-2230 - Remote Format String vulnerability in Xine 0.99.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
Exploit-Db
description | Xine 0.99.x Filename Handling Remote Format String Vulnerability. CVE-2006-2230. Dos exploit for linux platform |
id | EDB-ID:27791 |
last seen | 2016-02-03 |
modified | 2006-05-01 |
published | 2006-05-01 |
reporter | KaDaL-X |
source | https://www.exploit-db.com/download/27791/ |
title | Xine 0.99.x Filename Handling Remote Format String Vulnerability |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1093.NASL |
description | Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22635 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22635 |
title | Debian DSA-1093-1 : xine - format string |
code |
|