Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-2802

Published: 03/06/2006 Updated: 03/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Xine-lib

Vulnerability Summary

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote malicious users to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

Vulnerable Product Search on Vulmon Subscribe to Product

xine xine-lib 1.0.1

xine xine-lib 1.0.2

xine gxine 0.5.6

xine xine-lib 1.1.0

xine xine-lib 1.1.1

Vendor Advisories

Ubuntu Security Notice: xine-lib vulnerability
Federico L Bossi Bonin discovered a buffer overflow in the HTTP input module By tricking an user into opening a malicious remote media location, a remote attacker could exploit this to crash Xine library frontends (like totem-xine, gxine, or xine-ui) and possibly even execute arbitrary code with the user’s privileges ...

Exploits

Exploit DB: gxine 0.5.6 - HTTP Plugin Remote Buffer Overflow (PoC)
////////////////////////////////////////////////////// // gxine - HTTP Plugin Remote Buffer Overflow PoC ///////////////////////////////////////////////////// // // Federico L Bossi Bonin // fbossi[at]netcomm[dot]com[dot]ar ///////////////////////////////////////////////////// // TESTED on gxine 056 //////////////////////// // 0xb78eccc7 in fr ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/bid/18187http://secunia.com/advisories/20369http://www.osvdb.org/25936http://secunia.com/advisories/20549http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.htmlhttp://secunia.com/advisories/20766http://secunia.com/advisories/20828http://www.debian.org/security/2006/dsa-1105http://secunia.com/advisories/20942http://security.gentoo.org/glsa/glsa-200609-08.xmlhttp://secunia.com/advisories/21919http://www.mandriva.com/security/advisories?name=MDKSA-2006:108https://exchange.xforce.ibmcloud.com/vulnerabilities/26972https://www.exploit-db.com/exploits/1852https://usn.ubuntu.com/295-1/https://usn.ubuntu.com/295-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/1852/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-29895injectCVE-2023-52689CVE-2024-5049CVE-2024-5051privilege escalationphysicalCVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook