Xine Filename Handling Remote Format String Vulnerability

The following command is sufficient to demonstrate this issue:
xine %p-%p.mp3

This will result in a file-not-found dialog being displayed. The dialog will report that the file that was not found has a name similar to '0x811ac8e-0xbe1fdabc.mp3'

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com


 

Privacy Statement
Copyright 2010, SecurityFocus