CVE-2007-0653 - Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assi

CVE-2007-0653

Summary

Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*
cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 16-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23078
bugtraq	20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities
debian	DSA-1277
mandriva	MDKSA-2007:071
misc	http://secunia.com/secunia_research/2007-47/advisory/
secunia	23986 24645 24804 24889
suse	SUSE-SR:2007:006
ubuntu	USN-445-1
vupen	ADV-2007-1057
xf	xmms-skinbitmap-code-execution(33205)

statements via4

contributor	Mark J Cox
lastmodified	2008-04-04
organization	Red Hat
statement	Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Last major update

16-10-2018 - 16:33

Published

21-03-2007 - 22:19

Last modified

16-10-2018 - 16:33