CVE-2007-0255 - XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) a

CVE-2007-0255

Summary

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.

References

http://osvdb.org/31666
http://secunia.com/advisories/23931
http://www.mandriva.com/security/advisories?name=MDKSA-2007:027
http://www.mandriva.com/security/advisories?name=MDKSA-2007:154
http://www.securityfocus.com/archive/1/456523/100/0/threaded
http://www.securityfocus.com/bid/22252

Vulnerable Configurations

cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:0.99.4:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	22252
bugtraq	20070110 VLC Format String Vulnerability also in XINE
mandriva	MDKSA-2007:027 MDKSA-2007:154
osvdb	31666
secunia	23931

Last major update

16-10-2018 - 16:32

Published

16-01-2007 - 23:28

Last modified

16-10-2018 - 16:32