Vulnerability Name:

CVE-2007-0255 (CCN-31674)

Assigned:2007-01-02
Published:2007-01-02
Updated:2018-10-16
Summary:XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Jan 10 2007 - 09:15:47 CST
VLC Format String Vulnerability also in XINE

Source: MITRE
Type: CNA
CVE-2007-0255

Source: OSVDB
Type: UNKNOWN
31666

Source: CCN
Type: MOAB-02-01-2007
VLC Media Player udp:// Format String Vulnerability

Source: SECUNIA
Type: UNKNOWN
23931

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:027

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:154

Source: CCN
Type: OSVDB ID: 31666
xine udp:// URI Handling Format String

Source: BUGTRAQ
Type: UNKNOWN
20070110 VLC Format String Vulnerability also in XINE

Source: BID
Type: UNKNOWN
22252

Source: CCN
Type: BID-22252
Xine M3U Remote Format String Vulnerability

Source: CCN
Type: xine Web site
xine - A Free Video Player

Source: XF
Type: UNKNOWN
xine-udp-format-string(31674)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:xine:xine:0.99.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:xine:xine:0.99.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.bionic:def:200702550000000
    V
    		CVE-2007-0255 on Ubuntu 18.04 LTS (bionic) - .
    2007-01-16
    oval:com.ubuntu.artful:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 17.10 (artful) - .
    2007-01-16
    oval:com.ubuntu.trusty:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 14.04 LTS (trusty) - .
    2007-01-16
    oval:com.ubuntu.xenial:def:200702550000000
    V
    		CVE-2007-0255 on Ubuntu 16.04 LTS (xenial) - .
    2007-01-16
    oval:com.ubuntu.bionic:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 18.04 LTS (bionic) - .
    2007-01-16
    oval:com.ubuntu.xenial:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 16.04 LTS (xenial) - .
    2007-01-16
    oval:com.ubuntu.disco:def:200702550000000
    V
    		CVE-2007-0255 on Ubuntu 19.04 (disco) - .
    2007-01-16
    oval:com.ubuntu.cosmic:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 18.10 (cosmic) - .
    2007-01-16
    oval:com.ubuntu.cosmic:def:200702550000000
    V
    		CVE-2007-0255 on Ubuntu 18.10 (cosmic) - .
    2007-01-16
    oval:com.ubuntu.precise:def:20070255000
    V
    		CVE-2007-0255 on Ubuntu 12.04 LTS (precise) - .
    2007-01-16
    BACK
    xine xine 0.99.4
    xine xine 0.99.4
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2007.1