7.6 High
AI Score
Confidence
Low
0.248 Low
EPSS
Percentile
96.7%
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
aluigi.altervista.org/adv/xmpbof-adv.txt
www.securityfocus.com/bid/27047
www.vupen.com/english/advisories/2008/0009