Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2007-6731

Published: 13/09/2009 Updated: 14/09/2009
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Claudio Matsuoka

Vulnerability Summary

Extended Module Player (XMP) 2.5.1 and previous versions allow remote malicious users to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Vulnerable Product Search on Vulmon Subscribe to Product

claudio matsuoka extended module player 2.4.1

claudio matsuoka extended module player 2.4.0

claudio matsuoka extended module player 2.3.2

claudio matsuoka extended module player 2.3.1

claudio matsuoka extended module player

claudio matsuoka extended module player 2.2.1

claudio matsuoka extended module player 2.5.0

claudio matsuoka extended module player 2.3.0

claudio matsuoka extended module player 2.2.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows
Debian Bug report logs - #546730 CVE-2007-6731, CVE-2007-6732: Multiple buffer overflows Package: xmp; Maintainer for xmp is Stephen Kitt <skitt@debianorg>; Source for xmp is src:xmp (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Tue, 15 Sep 2009 11:24:06 UTC Severity: serious Tag ...

Exploits

Exploit DB: Extended Module Player (xmp) 2.5.1 - 'oxm.c' / 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities
source: wwwsecurityfocuscom/bid/27047/info Extended Module Player (xmp) is prone to multiple local buffer-overflow vulnerabilities because it fails to perform adequate boundary checks before copying user-supplied input into an insufficiently sized buffer These issues occur when the application handles specially crafted OXM and DTT files ...

References

CWE-94http://www.securityfocus.com/bid/27047http://www.vupen.com/english/advisories/2008/0009http://aluigi.altervista.org/adv/xmpbof-adv.txthttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546730https://nvd.nist.govhttps://www.exploit-db.com/exploits/30942/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook