{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-09-13T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0009", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0009"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/xmpbof-adv.txt"}, {"name": "27047", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27047"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0009", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0009"}, {"name": "http://aluigi.altervista.org/adv/xmpbof-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/xmpbof-adv.txt"}, {"name": "27047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27047"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.654Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-0009", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0009"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/xmpbof-adv.txt"}, {"name": "27047", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27047"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6732", "datePublished": "2009-09-13T22:00:00Z", "dateReserved": "2009-09-13T00:00:00Z", "dateUpdated": "2024-09-16T22:30:57.135Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "75D57072-FB7D-492A-9598-CACE7ECBBF8A", "versionEndIncluding": "2.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A329FEF0-CCA9-463C-B1A8-742342193815", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB814723-8284-4D7B-AC1F-2BEBE3BBC47E", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D8AE9AF-2AFA-4CC1-A434-4AE238A5207B", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "13BE4EDE-5BE6-4C1F-9402-C9CDB5B5DB18", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E8751F9-9012-45BC-8EEE-B1FD71A070F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5793923-D9A1-4A31-A5AD-C73CB8DB7F7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "767BA633-F914-482F-A517-9ABC19F26529", "vulnerable": true}, {"criteria": "cpe:2.3:a:claudio_matsuoka:extended_module_player:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A10E8E57-C623-4F06-99D0-2802A5016EC0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays."}, {"lang": "es", "value": "M\u00faltiples desbordamientos del b\u00fafer en la funci\u00f3n dtt_load de loaders/dtt_load.c Extended Module Player (XMP) v2.5.1 y anteriores, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados relacionados con un valor de tama\u00f1o no confiable y los arrays (1) pofs y (2) plen."}], "id": "CVE-2007-6732", "lastModified": "2009-09-14T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-13T22:30:00.267", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/xmpbof-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/27047"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0009"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xmp: Buffer overflow in DTT file loader", "id": "523147", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523147"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "status": "draft"}, "details": ["Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays."], "name": "CVE-2007-6732", "public_date": "2007-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-6732\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-6732"], "threat_severity": "Moderate"}