CVE-2007-0653

{"id": "CVE-2007-0653", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-21T22:19:00.000", "references": [{"url": "http://secunia.com/advisories/23986", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24645", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24804", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24889", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2007-47/advisory/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.debian.org/security/2007/dsa-1277", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/23078", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.ubuntu.com/usn/usn-445-1", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2007/1057", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/23986", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24645", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24804", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24889", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/secunia_research/2007-47/advisory/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1277", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23078", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/usn-445-1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1057", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption."}, {"lang": "es", "value": "Desbordamiento de enteros en el X MultiMedia System (xmms) 1.2.10 y, posiblemente, otras versiones, permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una cabecera de informaci\u00f3n manipulada en una imagen de bits de la piel (skin), lo que dispara una corrupci\u00f3n de memoria.\r\n"}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0FEF0E6-816D-4A7C-90A1-72A205F387A3"}], "operator": "OR"}], "operator": "AND"}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-04-04T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}