Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kaffeine_player | Kaffeine | 0.4.2 (including) | 0.4.2 (including) |
Kaffeine_player | Kaffeine | 0.4.3 (including) | 0.4.3 (including) |
Kaffeine_player | Kaffeine | 0.4.3b (including) | 0.4.3b (including) |
Kaffeine_player | Kaffeine | 0.5_rc1 (including) | 0.5_rc1 (including) |
Gxine | Xine | 0.3 (including) | 0.3 (including) |