A format string vulnerability in gxine could allow a remote attacker to execute arbitrary code.
Package | media-video/gxine on all architectures |
---|---|
Affected versions | < 0.4.4 |
Unaffected versions | revision >= 0.3.3-r2 revision >= 0.4.1-r1 >= 0.4.4 |
gxine is a GTK+ and xine-lib based media player.
Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function.
A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All gxine users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose media-video/gxine
Release date
May 26, 2005
Latest revision
May 26, 2005: 01
Severity
normal
Exploitable
remote
Bugzilla entries