Kaffeine is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.
Package | media-video/kaffeine on all architectures |
---|---|
Affected versions | < 0.7.1-r2 |
Unaffected versions | >= 0.7.1-r2 |
Kaffeine is a graphical front-end for the xine-lib multimedia library.
Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP.
A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrary code with the permissions of the user running the application.
There is no known workaround at this time.
All Kaffeine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2"
Release date
April 05, 2006
Latest revision
April 05, 2006: 01
Severity
normal
Exploitable
remote
Bugzilla entries