Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Gxine | Xine | 0.3 | 0.3 |
Kaffeine_player | Kaffeine | 0.5_rc1 | 0.5_rc1 |
Kaffeine_player | Kaffeine | 0.4.3 | 0.4.3 |
Kaffeine_player | Kaffeine | 0.4.3b | 0.4.3b |
Kaffeine_player | Kaffeine | 0.4.2 | 0.4.2 |