VDB
CVE-2006-2230
CVE-2006-2230
PUBLISHED
CVSS 5 MEDIUM
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
EPSS 1.20% · 79.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
1.20%
79.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| xine | xine | 0.99.4 |
Timeline
- May 5, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
References
- 20060429 XINE format string bugs when handling non existen file mailing-list
- 17769 vdb
- xine-mainc-format-string(26216) vdb
- DSA-1093 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-2230 advisory