CVE-2013-1980
Published 2014-02-11
Priority P4 · 31 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.70% (88.4th percentile)
Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xmp | < xmp 3.4.0-3 (bookworm) | xmp 3.4.0-3 (bookworm) |
| extended_module_player_project | extended_module_player | <= 4.0.4 | — |
| extended_module_player_project | extended_module_player | — | — |
| extended_module_player_project | extended_module_player | — | — |
| extended_module_player_project | extended_module_player | — | — |
| extended_module_player_project | extended_module_player | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · LOW
GHSA
GHSA-9qqf-p84p-rm35: Buffer overflow in the get_dsmp function in loaders/masi_load
ghsa_unreviewed·2022-05-17
CVE-2013-1980 [MEDIUM] CWE-119 GHSA-9qqf-p84p-rm35: Buffer overflow in the get_dsmp function in loaders/masi_load
OSV
CVE-2013-1980: Buffer overflow in the get_dsmp function in loaders/masi_load
osv·2014-02-11·CVSS 6.8
CVE-2013-1980 [MEDIUM] CVE-2013-1980: Buffer overflow in the get_dsmp function in loaders/masi_load
Debian
CVE-2013-1980: xmp - Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before...
vendor_debian·2013·CVSS 6.8
CVE-2013-1980 [MEDIUM] CVE-2013-1980: xmp - Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before...
Scope: local
bookworm: resolved (fixed in 3.4.0-3)
bullseye: resolved (fixed in 3.4.0-3)
forky: resolved (fixed in 3.4.0-3)
sid: resolved (fixed in 3.4.0-3)
trixie: resolved (fixed in 3.4.0-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1980 xmp: Heap-based buffer overflow by processing certain MASI files
bugzilla·2013-04-22·CVSS 6.8
CVE-2013-1980 [MEDIUM] CVE-2013-1980 xmp: Heap-based buffer overflow by processing certain MASI files
A heap-based buffer overflow flaw was found in the way xmp, the extended module player, a modplayer for Unix-like systems that plays over 90 mainstream and obscure module formats, loaded certain Music And Sound Interface (MASI) files. A remote attacker could provide a specially-crafted MASI media file that, when opened, would lead to xmp binary crash or, potentially, arbitrary code execution with the privileges of the user running the xmp executable.
References:
[1] http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view
[2] https://secunia.com/advisories/53114/
[3] https://bugs.gentoo.org/show_bug.cgi?id=466782
[4] http://www.openwall.com/lists/oss-security/2013/04/22/5
[5] https://bugzilla.nove
Bugzilla
CVE-2013-1980 xmp: Heap-based buffer overflow by processing certain MASI files [fedora-all]
bugzilla·2013-04-22·CVSS 6.8
CVE-2013-1980 [MEDIUM] CVE-2013-1980 xmp: Heap-based buffer overflow by processing certain MASI files [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note:
http://secunia.com/advisories/53114
http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40
http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view
http://www.openwall.com/lists/oss-security/2013/04/22/12
http://www.securityfocus.com/bid/59355
https://bugzilla.redhat.com/show_bug.cgi?id=954658
https://build.opensuse.org/request/show/174356