1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200604-04 / kaffeine |
| Release Date | April 05, 2006 |
| Latest Revision | April 05, 2006: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-video/kaffeine | < 0.7.1-r2 | >= 0.7.1-r2 | All supported architectures |
Related bugreports: #127326
Kaffeine is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.
Kaffeine is a graphical front-end for the xine-lib multimedia library.
Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP.
A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrary code with the permissions of the user running the application.
There is no known workaround at this time.
All Kaffeine users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.7.1-r2" |