Description
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0009
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/xmpbof-adv.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27047
Scores
EPSS
0.0562
EPSS Percentile
92.1%
Details
CWE
CWE-119
Status
published
Products (9)
claudio_matsuoka/extended_module_player
2.2.0
claudio_matsuoka/extended_module_player
2.2.1
claudio_matsuoka/extended_module_player
2.3.0
claudio_matsuoka/extended_module_player
2.3.1
claudio_matsuoka/extended_module_player
2.3.2
claudio_matsuoka/extended_module_player
2.4.0
claudio_matsuoka/extended_module_player
2.4.1
claudio_matsuoka/extended_module_player
2.5.0
claudio_matsuoka/extended_module_player
< 2.5.1
Published
Sep 13, 2009
Tracked Since
Feb 18, 2026