CVE-2006-1905
Published: 2006-04-20
Priority: P3 (47) · Severity: high · CVSS 2.0 base score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Tag: EXPLOIT
EPSS: 14.26% (96.1st percentile)
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
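As an added illustration of the defect class this record describes and of its fix (this is not xine's code): the title after the comma on an #EXTINF playlist line is treated purely as data and rendered only through a constant "%s" format, and a helper counts conversion specifiers in untrusted playlist text so a scanner or log pipeline can flag suspicious entries. The function names and the sample playlist lines are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* Added illustration, not xine's code. An extended M3U playlist carries
 * "#EXTINF:<seconds>,<title>" lines; the defect class behind CVE-2006-1905 is
 * handing such attacker-controlled text to a printf-family call as the format. */

/* Copies the title of an #EXTINF line into out (newline stripped).
 * Returns false for any other line. */
bool extinf_title(const char *line, char *out, size_t outsz) {
    static const char prefix[] = "#EXTINF:";
    size_t plen = sizeof prefix - 1;
    if (strncmp(line, prefix, plen) != 0) return false;
    const char *comma = strchr(line + plen, ',');
    if (comma == NULL) return false;
    snprintf(out, outsz, "%s", comma + 1);  /* title is data, never a format */
    size_t n = strlen(out);
    while (n > 0 && (out[n - 1] == '\n' || out[n - 1] == '\r')) out[--n] = '\0';
    return true;
}

/* Counts printf conversion specifiers ('%' not followed by '%') in untrusted
 * text, so a playlist scanner or log pipeline can flag suspicious entries. */
int count_format_specifiers(const char *s) {
    int count = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* "%%" is a literal percent sign */
        count++;
    }
    return count;
}

/* Hardened rendering: the format string is a compile-time constant and the
 * title is supplied as an argument. Returns the snprintf length. */
int render_title(char *buf, size_t bufsz, const char *title) {
    return snprintf(buf, bufsz, "Now playing: %s", title);
}

int main(void) {
    /* constructed sample playlist; the second line mimics a hostile title */
    const char *lines[] = { "#EXTM3U\n", "#EXTINF:123,Some %x%x Song\n", "track.mp3\n" };
    char title[256], out[320];
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (!extinf_title(lines[i], title, sizeof title)) continue;
        printf("specifiers in title: %d\n", count_format_specifiers(title));
        render_title(out, sizeof out, title);
        puts(out);
    }
    return 0;
}
```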
Affected
34 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xine-ui | < xine-ui 0.99.4-1 (bookworm) | xine-ui 0.99.4-1 (bookworm) |
| debian | xine-ui | < xine-ui 0.99.4-2 (bookworm) | xine-ui 0.99.4-2 (bookworm) |
| xine | xine | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | MEDIUM | — |
Debian
CVE-2006-1905: xine-ui [HIGH]
vendor_debian · 2006 · CVSS 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
Scope: local
bookworm: resolved (fixed in 0.99.4-1)
bullseye: resolved (fixed in 0.99.4-1)
forky: resolved (fixed in 0.99.4-1)
sid: resolved (fixed in 0.99.4-1)
trixie: resolved (fixed in 0.99.4-1)
Debian
CVE-2006-2230: xine-ui [HIGH]
vendor_debian · 2006 · CVSS 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
Scope: local
bookworm: resolved (fixed in 0.99.4-2)
bullseye: resolved (fixed in 0.99.4-2)
forky: resolved (fixed in 0.99.4-2)
sid: resolved (fixed in 0.99.4-2)
trixie: resolved (fixed in 0.99.4-2)
GHSA
GHSA-rm7g-xfrp-h3v4 (CVE-2006-2230) [HIGH]
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
GHSA
GHSA-qj9m-76j5-mx55 (CVE-2006-1905) [HIGH]
ghsa_unreviewed · 2022-05-01
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
OSV
CVE-2006-2230 [HIGH]
osv · 2006-05-05 · CVSS 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
OSV
CVE-2006-1905 [HIGH]
osv · 2006-04-20 · CVSS 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
No detection rules found.
No writeups or analysis indexed.
References
http://open-security.org/advisories/16
http://secunia.com/advisories/19671
http://secunia.com/advisories/19854
http://secunia.com/advisories/20066
http://securitytracker.com/id?1015959
http://sourceforge.net/mailarchive/message.php?msg_id=15429845
http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:085
http://www.novell.com/linux/security/advisories/2006_05_05.html
http://www.osvdb.org/24747
http://www.securityfocus.com/archive/1/431251/100/0/threaded
http://www.securityfocus.com/bid/17579
http://www.vupen.com/english/advisories/2006/1432
https://exchange.xforce.ibmcloud.com/vulnerabilities/25851