CVE-2007-0654

{"id": "CVE-2007-0654", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-21T22:19:00.000", "references": [{"url": "http://secunia.com/advisories/23986", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24645", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24804", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24889", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2007-47/advisory/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.debian.org/security/2007/dsa-1277", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/23078", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.ubuntu.com/usn/usn-445-1", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1057", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33203", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow."}, {"lang": "es", "value": "Desbordamiento inferior de b\u00fafer en X MultiMedia System (xmms) 1.2.10 permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante informaci\u00f3n de cabecera manipulada en una imagen de mapa de bits de una piel (skin), que resulta en un desbordamiento de b\u00fafer basado en pila."}], "lastModified": "2018-10-16T16:33:44.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FEF0E6-816D-4A7C-90A1-72A205F387A3"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-04-04T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}