{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "23078", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23078"}, {"name": "23986", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23986"}, {"name": "24889", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24889"}, {"name": "xmms-skinbitmap-code-execution(33205)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205"}, {"name": "USN-445-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-445-1"}, {"name": "SUSE-SR:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071"}, {"name": "DSA-1277", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1277"}, {"name": "24804", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24804"}, {"name": "ADV-2007-1057", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1057"}, {"name": "20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2007-47/advisory/"}, {"name": "24645", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24645"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2007-0653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "23078", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23078"}, {"name": "23986", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23986"}, {"name": "24889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24889"}, {"name": "xmms-skinbitmap-code-execution(33205)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205"}, {"name": "USN-445-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-445-1"}, {"name": "SUSE-SR:2007:006", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:071", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071"}, {"name": "DSA-1277", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2007/dsa-1277"}, {"name": "24804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24804"}, {"name": "ADV-2007-1057", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1057"}, {"name": "20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded"}, {"name": "http://secunia.com/secunia_research/2007-47/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2007-47/advisory/"}, {"name": "24645", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24645"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.293Z"}, "title": "CVE Program Container", "references": [{"name": "23078", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23078"}, {"name": "23986", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23986"}, {"name": "24889", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24889"}, {"name": "xmms-skinbitmap-code-execution(33205)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205"}, {"name": "USN-445-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-445-1"}, {"name": "SUSE-SR:2007:006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"name": "MDKSA-2007:071", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071"}, {"name": "DSA-1277", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1277"}, {"name": "24804", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24804"}, {"name": "ADV-2007-1057", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1057"}, {"name": "20070321 Secunia Research: XMMS Integer Overflow and UnderflowVulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2007-47/advisory/"}, {"name": "24645", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24645"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2007-0653", "datePublished": "2007-03-21T22:00:00", "dateReserved": "2007-02-01T00:00:00", "dateUpdated": "2024-08-07T12:26:54.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*", "matchCriteriaId": "4F8CD59E-22A6-4B56-8834-B8A18FBC1A7D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:x_multimedia_system:x_multimedia_system:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEF0E6-816D-4A7C-90A1-72A205F387A3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption."}, {"lang": "es", "value": "Desbordamiento de enteros en el X MultiMedia System (xmms) 1.2.10 y, posiblemente, otras versiones, permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una cabecera de informaci\u00f3n manipulada en una imagen de bits de la piel (skin), lo que dispara una corrupci\u00f3n de memoria.\r\n"}], "id": "CVE-2007-0653", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-03-21T22:19:00.000", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/23986"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/24645"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/24804"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/24889"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2007-47/advisory/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.debian.org/security/2007/dsa-1277"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/23078"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/usn-445-1"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2007/1057"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24645"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2007-47/advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:071"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_6_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/463408/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/23078"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-445-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1057"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33205"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-04-04T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "XMMS multiple issues (CVE-2007-0654)", "id": "228013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=228013"}, "csaw": false, "details": ["Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption."], "name": "CVE-2007-0653", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "xmms", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2007-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-0653\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-0653"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. There are no longer plans to fix this flaw in Red Hat Enterprise Linux 4.", "threat_severity": "Low"}