CVE-2007-6732
published 2009-09-13
Priority: P347 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 5.62% (92.0th percentile)
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c in Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| claudio_matsuoka | extended_module_player | <= 2.5.1 | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| claudio_matsuoka | extended_module_player | — | — |
| debian | xmp | < xmp 2.6.1-1 (bookworm) | xmp 2.6.1-1 (bookworm) |
CVSS provenance
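| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | LOW | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |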
Red Hat
xmp: Buffer overflow in DTT file loader
vendor_redhat·2007-12-27·CVSS 10.0
CVE-2007-6732 [CRITICAL] xmp: Buffer overflow in DTT file loader
Debian
CVE-2007-6732: xmp - Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extende...
vendor_debian·2007·CVSS 10.0
CVE-2007-6732 [CRITICAL] CVE-2007-6732: xmp - Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extende...
Scope: local
bookworm: resolved (fixed in 2.6.1-1)
bullseye: resolved (fixed in 2.6.1-1)
forky: resolved (fixed in 2.6.1-1)
sid: resolved (fixed in 2.6.1-1)
trixie: resolved (fixed in 2.6.1-1)
GHSA
GHSA-3hmr-jrgj-vchc: Multiple buffer overflows in the dtt_load function in loaders/dtt_load
ghsa_unreviewed·2022-05-01
CVE-2007-6732 [HIGH] CWE-119 GHSA-3hmr-jrgj-vchc: Multiple buffer overflows in the dtt_load function in loaders/dtt_load
OSV
CVE-2007-6732: Multiple buffer overflows in the dtt_load function in loaders/dtt_load
osv·2009-09-13·CVSS 10.0
CVE-2007-6732 [CRITICAL] CVE-2007-6732: Multiple buffer overflows in the dtt_load function in loaders/dtt_load
No detection rules found.
No public exploits indexed.
Published: 2009-09-13