Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Claudio Matsuoka
  • Extended Module Player

Configuration 1 [-]

OR cpe:2.3:a:claudio_matsuoka:extended_module_player:*:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:claudio_matsuoka:extended_module_player:2.5.0:*:*:*:*:*:*:*
References
Link Resource
http://aluigi.altervista.org/adv/xmpbof-adv.txt Exploit
http://www.securityfocus.com/bid/27047 Exploit
http://www.vupen.com/english/advisories/2008/0009 Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:14:27

Updated: 2022-10-03T16:14:27

Reserved: 2022-10-03T00:00:00

Link: CVE-2007-6732

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2009-09-13T22:30:00.267

Modified: 2009-09-14T04:00:00.000

Link: CVE-2007-6732

JSON object: View

cve-icon Redhat Information

No data.

CWE