CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6731

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile10.82th
PublishedSep 13, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Affected Platforms (CPE)

πŸ“¦
Claudio Matsuoka

Extended Module Player

<= 2.5.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.2.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.2.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.2
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.4.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.4.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.5.0

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/xmpbof-adv.txt
πŸ”— http://www.securityfocus.com/bid/27047
πŸ”— http://www.vupen.com/english/advisories/2008/0009
πŸ”— http://aluigi.altervista.org/adv/xmpbof-adv.txt
πŸ”— http://www.securityfocus.com/bid/27047
πŸ”— http://www.vupen.com/english/advisories/2008/0009

Related Vulnerabilities

CVE-2007-673210.0

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remo...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...

CVE-2007-182310.0

T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling N...