CVE-2007-6732
published 2009-09-13

Priority: P347 | critical | 10 | CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.62% (92.0th percentile)
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c in Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claudio_matsuoka | extended_module_player | <= 2.5.1 | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| claudio_matsuoka | extended_module_player | | |
| debian | xmp | < xmp 2.6.1-1 (bookworm) | xmp 2.6.1-1 (bookworm) |

CVSS provenance

nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv | 10.0 | CRITICAL
vendor_debian | 10.0 | LOW
vendor_redhat | 10.0 | CRITICAL