A format string vulnerability in gxine could allow a remote attacker to execute arbitrary code.
|Package||media-video/gxine on all architectures|
|Affected versions||< 0.4.4|
|Unaffected versions||revision >= 0.3.3-r2, revision >= 0.4.1-r1, >= 0.4.4|
gxine is a GTK+ and xine-lib based media player.
Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function.
A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code.
There is no known workaround at this time.
All gxine users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose media-video/gxine
May 26, 2005
May 26, 2005: 01