Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-2967Use of Externally-Controlled Format String in Xine-lib

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
9.4%
top 7.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Xine Xine-lib
Timeline
PublishedOct 14
Latest updateMay 1

Description

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDxine/xine-lib5 versions+4

Patches

Patch: secunia.comPatch: www.debian.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-65qq-9m6q-q3fq: Format string vulnerability in input_cdda2022-05-01
CVEList
CVE-2005-2967: Format string vulnerability in input_cdda2005-10-14

💥Exploits & PoCs

1
Exploit-DB
Xine-Lib 1.1 - 'Media Player Library' Remote Format String2005-10-10
CVE-2005-2967 — Xine Xine-lib vulnerability | cvebase