VYPR
Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Jun 16, 2026

CVE-2005-2967

CVE-2005-2967

Description

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Xine/Xine Lib6 versions
    cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:xine:xine-lib:0.9.13:*:*:*:*:*:*:*
    • cpe:2.3:a:xine:xine-lib:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:xine:xine-lib:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:xine:xine-lib:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:xine:xine-lib:1.1.0:*:*:*:*:*:*:*
    • (no CPE)range: >=1-beta <1.0.3, >=1.1.0 <1.1.1 || possibly <=1.1.1

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.