blob: 6aae76c0f6c0e4a4542bdd588f2da78e1566762e [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200505-19">
<title>gxine: Format string vulnerability</title>
A format string vulnerability in gxine could allow a remote attacker to
execute arbitrary code.
<product type="ebuild">gxine</product>
<announced>May 26, 2005</announced>
<revised>May 26, 2005: 01</revised>
<package name="media-video/gxine" auto="yes" arch="*">
<unaffected range="rge">0.3.3-r2</unaffected>
<unaffected range="rge">0.4.1-r1</unaffected>
<unaffected range="ge">0.4.4</unaffected>
<vulnerable range="lt">0.4.4</vulnerable>
gxine is a GTK+ and xine-lib based media player.
Exworm discovered that gxine insecurely implements formatted
printing in the hostname decoding function.
<impact type="normal">
A remote attacker could entice a user to open a carefully crafted
file with gxine, possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All gxine users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose media-video/gxine</code>
<uri link="">CAN-2005-1692</uri>
<uri link="">Bugtraq ID 13707</uri>
<uri link="">Original Advisory</uri>
<metadata tag="submitter" timestamp="Tue, 24 May 2005 14:37:48 +0000">
<metadata tag="bugReady" timestamp="Thu, 26 May 2005 11:13:38 +0000">