<?xml version="1.0" encoding="utf-8"?>
<glsa id="200604-04">
<title>Kaffeine: Buffer overflow</title>
Kaffeine is vulnerable to a buffer overflow that could lead to the
execution of arbitrary code.
<product type="ebuild">kaffeine</product>
<announced>April 05, 2006</announced>
<revised>April 05, 2006: 01</revised>
<package name="media-video/kaffeine" auto="yes" arch="*">
<unaffected range="ge">0.7.1-r2</unaffected>
<vulnerable range="lt">0.7.1-r2</vulnerable>
Kaffeine is a graphical front-end for the xine-lib multimedia
Kaffeine uses an unchecked buffer when fetching remote RAM
playlists via HTTP.
<impact type="normal">
A remote attacker could entice a user to play a specially-crafted
RAM playlist resulting in the execution of arbitrary code with the
permissions of the user running the application.
There is no known workaround at this time.
All Kaffeine users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/kaffeine-0.7.1-r2&quot;</code>
<uri link="">CVE-2006-0051</uri>
<uri link="">KDE Security Advisory: Kaffeine buffer overflow</uri>
<metadata tag="requester" timestamp="Tue, 04 Apr 2006 13:17:18 +0000">
<metadata tag="submitter" timestamp="Tue, 04 Apr 2006 19:29:42 +0000">
<metadata tag="bugReady" timestamp="Wed, 05 Apr 2006 21:13:35 +0000">