MidnightBSD

Advisories for kaffeine

CVE-2004-1034 HIGH

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kaffeine kaffeine_player 0.4.3b
xine gxine 0.3
kaffeine kaffeine_player 0.4.3
kaffeine kaffeine_player 0.4.2
kaffeine kaffeine_player 0.5_rc1
gentoo linux *
CVE-2006-0051 MEDIUM

Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
kaffeine kaffeine_player 0.4.3b
kaffeine kaffeine_player 0.7.1
kaffeine kaffeine_player 0.4.3
kaffeine kaffeine_player 0.4.2
kaffeine kaffeine_player 0.5_rc1