CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-6731

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0340%
EPSS Percentile10.82th
Published2009年9月13日
Last Modified2026年4月23日

Vulnerability Description

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Affected Platforms (CPE)

📦
Claudio Matsuoka

Extended Module Player

<= 2.5.1
📦
Claudio Matsuoka

Extended Module Player

= 2.2.0
📦
Claudio Matsuoka

Extended Module Player

= 2.2.1
📦
Claudio Matsuoka

Extended Module Player

= 2.3.0
📦
Claudio Matsuoka

Extended Module Player

= 2.3.1
📦
Claudio Matsuoka

Extended Module Player

= 2.3.2
📦
Claudio Matsuoka

Extended Module Player

= 2.4.0
📦
Claudio Matsuoka

Extended Module Player

= 2.4.1
📦
Claudio Matsuoka

Extended Module Player

= 2.5.0

References & Advisories

🔗 http://aluigi.altervista.org/adv/xmpbof-adv.txt
🔗 http://www.securityfocus.com/bid/27047
🔗 http://www.vupen.com/english/advisories/2008/0009
🔗 http://aluigi.altervista.org/adv/xmpbof-adv.txt
🔗 http://www.securityfocus.com/bid/27047
🔗 http://www.vupen.com/english/advisories/2008/0009

相關漏洞威脅

CVE-2007-673210.0

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remo...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...