Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xine-lib | Xine | 0.9.13 (including) | 0.9.13 (including) |
Xine-lib | Xine | 1.0 (including) | 1.0 (including) |
Xine-lib | Xine | 1.0.1 (including) | 1.0.1 (including) |
Xine-lib | Xine | 1.0.2 (including) | 1.0.2 (including) |
Xine-lib | Xine | 1.1.0 (including) | 1.1.0 (including) |