Search for vulnerabilities
Vulnerability details: VCID-6fb9-bf9u-aaas
Vulnerability ID VCID-6fb9-bf9u-aaas
Aliases CVE-2006-1905
Summary Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.07959 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.09157 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.32965 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.38869 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.38869 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.38869 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
epss 0.38869 https://api.first.org/data/v1/epss?cve=CVE-2006-1905
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2006-1905
Reference id Reference type URL
http://open-security.org/advisories/16
https://api.first.org/data/v1/epss?cve=CVE-2006-1905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1905
http://secunia.com/advisories/19671
http://secunia.com/advisories/19854
http://secunia.com/advisories/20066
http://securitytracker.com/id?1015959
https://exchange.xforce.ibmcloud.com/vulnerabilities/25851
http://sourceforge.net/mailarchive/message.php?msg_id=15429845
http://www.gentoo.org/security/en/glsa/glsa-200604-15.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:085
http://www.novell.com/linux/security/advisories/2006_05_05.html
http://www.osvdb.org/24747
http://www.securityfocus.com/archive/1/431251/100/0/threaded
http://www.securityfocus.com/bid/17579
http://www.vupen.com/english/advisories/2006/1432
363370 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363370
cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:0.9.18:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1.0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_alpha:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta10:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta11:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta12:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta3:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta4:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta5:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta6:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta7:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta8:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_beta9:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc0:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc0a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc1:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc2:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc3:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc3a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc3b:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc4:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc5:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc6:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc6a:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc7:*:*:*:*:*:*:*
cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xine:xine:1_rc8:*:*:*:*:*:*:*
CVE-2006-1905 https://nvd.nist.gov/vuln/detail/CVE-2006-1905
CVE-2006-1905;OSVDB-24747 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/27670.txt
CVE-2006-1905;OSVDB-24747 Exploit https://www.securityfocus.com/bid/17579/info
GLSA-200604-15 https://security.gentoo.org/glsa/200604-15
Data source Exploit-DB
Date added April 18, 2006
Description Xine 0.9/1.0 - Playlist Handling Remote Format String
Ransomware campaign use Known
Source publication date April 18, 2006
Exploit type dos
Platform linux
Source update date Aug. 18, 2013
Source URL https://www.securityfocus.com/bid/17579/info
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2006-1905
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91273
EPSS Score 0.07959
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.