CVE-2013-1980

2014-02-1117:55:06

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-1980

buffer overflow

get_dsmp function

libxmp

remote code execution

crafted masi file

nvd

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.086 Low

EPSS

Percentile

94.5%

JSON

Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.

Affected configurations

NVD

Node

extended_module_player_projectextended_module_playerRange≤4.0.4

extended_module_player_projectextended_module_playerMatch4.0.0

extended_module_player_projectextended_module_playerMatch4.0.1

extended_module_player_projectextended_module_playerMatch4.0.2

extended_module_player_projectextended_module_playerMatch4.0.3

CPENameOperatorVersion
extended_module_player_project:extended_module_playerextended module player project extended module playerle4.0.4
extended_module_player_project:extended_module_playerextended module player project extended module playereq4.0.0
extended_module_player_project:extended_module_playerextended module player project extended module playereq4.0.1
extended_module_player_project:extended_module_playerextended module player project extended module playereq4.0.2
extended_module_player_project:extended_module_playerextended module player project extended module playereq4.0.3

CPE	Name	Operator	Version
extended_module_player_project:extended_module_player	extended module player project extended module player	le	4.0.4
extended_module_player_project:extended_module_player	extended module player project extended module player	eq	4.0.0
extended_module_player_project:extended_module_player	extended module player project extended module player	eq	4.0.1
extended_module_player_project:extended_module_player	extended module player project extended module player	eq	4.0.2
extended_module_player_project:extended_module_player	extended module player project extended module player	eq	4.0.3