CVE-2006-0051Improper Restriction of Operations within the Bounds of a Memory Buffer in Player

7 documents7 sources
Severity
5.1MEDIUMNVD
EPSS
2.5%
top 14.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kaffeine Player
Timeline
PublishedApr 5
Latest updateMay 1

Description

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

NVDkaffeine/kaffeine_player5 versions+4

Patches

Patch: secunia.comPatch: www.kde.orgPatch: secunia.com

🔴Vulnerability Details

3
GHSA
GHSA-75j2-g376-x3q4: Buffer overflow in playlistimport2022-05-01
CVEList
CVE-2006-0051: Buffer overflow in playlistimport2006-04-05
OSV
CVE-2006-0051: Buffer overflow in playlistimport2006-04-05

💥Exploits & PoCs

1
Exploit-DB
iLife iPhoto Photocast - XML Title Remote Format String (PoC)2007-01-04

📋Vendor Advisories

2
Ubuntu
Kaffeine vulnerability2006-04-07
Debian
CVE-2006-0051: kaffeine - Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 all...2006
CVE-2006-0051 — Kaffeine Player vulnerability | cvebase