CVE-2006-1905
UnknownEPSS 14.26%
Last modified
CVE-2006-1905 is a vulnerability of currently unknown severity. Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.. EPSS estimates a 14.26% chance of exploitation in the next 30 days.
Description
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xine | Xine | 0.9.8 |
| Xine | Xine | 0.9.13 |
| Xine | Xine | 0.9.18 |
| Xine | Xine | 1.0 |
| Xine | Xine | 1.0.1 |
| Xine | Xine | 1_alpha |
| Xine | Xine | 1_beta1 |
| Xine | Xine | 1_beta2 |
| Xine | Xine | 1_beta3 |
| Xine | Xine | 1_beta4 |
| Xine | Xine | 1_beta5 |
| Xine | Xine | 1_beta6 |
| Xine | Xine | 1_beta7 |
| Xine | Xine | 1_beta8 |
| Xine | Xine | 1_beta9 |
| Xine | Xine | 1_beta10 |
| Xine | Xine | 1_beta11 |
| Xine | Xine | 1_beta12 |
| Xine | Xine | 1_rc0 |
| Xine | Xine | 1_rc0a |
| Xine | Xine | 1_rc1 |
| Xine | Xine | 1_rc2 |
| Xine | Xine | 1_rc3 |
| Xine | Xine | 1_rc3a |
| Xine | Xine | 1_rc3b |
| Xine | Xine | 1_rc4 |
| Xine | Xine | 1_rc5 |
| Xine | Xine | 1_rc6 |
| Xine | Xine | 1_rc6a |
| Xine | Xine | 1_rc7 |
| Xine | Xine | 1_rc8 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-1905?
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
How severe is CVE-2006-1905?
Severity scoring for CVE-2006-1905 is pending analysis. The EPSS model estimates a 14.26% probability of exploitation in the next 30 days.
How do I fix CVE-2006-1905?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2006-1905?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST