mailing list archives
[Kaffeine Security Advisory] Heap based buffer overflow in http_peek()
From: Dirk Mueller <mueller () kde org>
Date: Wed, 5 Apr 2006 02:46:46 +0200
Kaffeine buffer overflow in http_peek()
Original Release Date: 2006-04-04
1. Systems affected:
Kaffeine 0.4.2 up to including Kaffeine 0.7.1. Kaffeine
0.8.0 not affected.
Kaffeine can produce a buffer overflow in http_peek() while
creating HTTP request headers for fetching remote playlists,
which under certain circumstances could be used to crash the
application and/or execute arbitrary code.
Remotely supplied playlists can be used to execute arbitrary
code on the local machine.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
Patch for Kaffeine 0.7.x is available from
Patch for Kaffeine 0.5.x is available from
Patch for Kaffeine 0.4.x is available from
We'd like to thank Marcus Meissner for discovering and reporting
- [Kaffeine Security Advisory] Heap based buffer overflow in http_peek() Dirk Mueller (Apr 09)