CVE-2007-6731

XMP 2.5.1 - RCE

Title source: llm

Description

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Luigi Auriemma · cdoslinux
https://www.exploit-db.com/exploits/30942

References (3)

Scores

EPSS 0.0684
EPSS Percentile 91.4%

Details

CWE
CWE-94
Status published
Products (9)
claudio_matsuoka/extended_module_player 2.2.0
claudio_matsuoka/extended_module_player 2.2.1
claudio_matsuoka/extended_module_player 2.3.0
claudio_matsuoka/extended_module_player 2.3.1
claudio_matsuoka/extended_module_player 2.3.2
claudio_matsuoka/extended_module_player 2.4.0
claudio_matsuoka/extended_module_player 2.4.1
claudio_matsuoka/extended_module_player 2.5.0
claudio_matsuoka/extended_module_player < 2.5.1
Published Sep 13, 2009
Tracked Since Feb 18, 2026