gxine: Format string vulnerability A format string vulnerability in gxine could allow a remote attacker to execute arbitrary code. gxine 2005-05-26 2005-05-26 93532 remote 0.3.3-r2 0.4.1-r1 0.4.4 0.4.4

gxine is a GTK+ and xine-lib based media player.

Exworm discovered that gxine insecurely implements formatted printing in the hostname decoding function.

A remote attacker could entice a user to open a carefully crafted file with gxine, possibly leading to the execution of arbitrary code.

There is no known workaround at this time.

All gxine users should upgrade to the latest available version:

# emerge --sync # emerge --ask --oneshot --verbose media-video/gxine CAN-2005-1692 Bugtraq ID 13707 Original Advisory DerCorny koon