製品・ソフトウェアに関する情報

JVN脆弱性詳細

xmms における整数アンダーフローの脆弱性

Title	xmms における整数アンダーフローの脆弱性
Summary	X MultiMedia System (xmms) には、整数アンダーフローの脆弱性が存在します。
Possible impacts	攻撃者により、skin ビットマップイメージ内の巧妙に細工されたヘッダ情報を介して、スタックベースのバッファオーバーフローが発生し、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 21, 2007, midnight
Registration Date	Dec. 20, 2012, 6:19 p.m.
Last Update	Dec. 20, 2012, 6:19 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

x multimedia system

x multimedia system 1.2.10

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0654	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0654
National Vulnerability Database (NVD)
2	CVE-2007-0654	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0654

ベンダー情報

No	Name	URL
x multimedia system
1	Top Page	http://www.xmms.org/

Change Log

No	Changed Details	Date of change
0	[2012年12月20日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-0654

Summary	Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
Summary	Desbordamiento inferior de búfer en X MultiMedia System (xmms) 1.2.10 permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante información de cabecera manipulada en una imagen de mapa de bits de una piel (skin), que resulta en un desbordamiento de búfer basado en pila.
Publication Date	March 22, 2007, 7:19 a.m.
Registration Date	Jan. 29, 2021, 2:06 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:::::::*

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/23986	PSIRT-CNA@flexerasoftware.com
2	http://secunia.com/advisories/24645	PSIRT-CNA@flexerasoftware.com
3	http://secunia.com/advisories/24804	PSIRT-CNA@flexerasoftware.com
4	http://secunia.com/advisories/24889	PSIRT-CNA@flexerasoftware.com
5	http://secunia.com/secunia_research/2007-47/advisory/	PSIRT-CNA@flexerasoftware.com
6	http://www.debian.org/security/2007/dsa-1277	PSIRT-CNA@flexerasoftware.com
7	http://www.mandriva.com/security/advisories?name=MDKSA-2007:071	PSIRT-CNA@flexerasoftware.com
8	http://www.novell.com/linux/security/advisories/2007_6_sr.html	PSIRT-CNA@flexerasoftware.com
9	http://www.securityfocus.com/archive/1/463408/100/0/threaded	PSIRT-CNA@flexerasoftware.com
10	http://www.securityfocus.com/bid/23078	PSIRT-CNA@flexerasoftware.com
11	http://www.ubuntu.com/usn/usn-445-1	PSIRT-CNA@flexerasoftware.com
12	http://www.vupen.com/english/advisories/2007/1057	PSIRT-CNA@flexerasoftware.com
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/33203	PSIRT-CNA@flexerasoftware.com
14	http://secunia.com/advisories/23986	af854a3a-2127-422b-91ae-364da2661108
15	http://secunia.com/advisories/24645	af854a3a-2127-422b-91ae-364da2661108
16	http://secunia.com/advisories/24804	af854a3a-2127-422b-91ae-364da2661108
17	http://secunia.com/advisories/24889	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/secunia_research/2007-47/advisory/	af854a3a-2127-422b-91ae-364da2661108
19	http://www.debian.org/security/2007/dsa-1277	af854a3a-2127-422b-91ae-364da2661108
20	http://www.mandriva.com/security/advisories?name=MDKSA-2007:071	af854a3a-2127-422b-91ae-364da2661108
21	http://www.novell.com/linux/security/advisories/2007_6_sr.html	af854a3a-2127-422b-91ae-364da2661108
22	http://www.securityfocus.com/archive/1/463408/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
23	http://www.securityfocus.com/bid/23078	af854a3a-2127-422b-91ae-364da2661108
24	http://www.ubuntu.com/usn/usn-445-1	af854a3a-2127-422b-91ae-364da2661108
25	http://www.vupen.com/english/advisories/2007/1057	af854a3a-2127-422b-91ae-364da2661108
26	https://exchange.xforce.ibmcloud.com/vulnerabilities/33203	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List