Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6731 to the following vulnerability:

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.

References:
-----------
http://aluigi.altervista.org/adv/xmpbof-adv.txt
http://www.securityfocus.com/bid/27047
http://www.vupen.com/english/advisories/2008/0009

PoC:
----
http://aluigi.org/poc/xmpbof.zip (/a.out 1 out.oxm)

Upstream status -- issue addressed in xmp-2.6.0:
-------------------------------------------------
http://sourceforge.net/project/shownotes.php?group_id=26422&release_id=692238

Credit:
-------
Luigi Auriemma
This issue affects the versions of xmp package, as shipped with Fedora releases of 10 and 11 (xmp-2.5.1-3.fc10 and xmp-2.5.1-4.fc11). Please fix.
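The bug class named in the CVE description (a negative value slipping past a bounds check), shown beside a hardened check. This is an added example, not part of the original report and not XMP's code; the 4-byte length field, `SAMPLE_BUF_MAX` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_BUF_MAX 4096  /* hypothetical destination capacity */

/* Read a 32-bit little-endian field as a signed value, as a loader that
 * keeps lengths in `int` would see it. */
static int32_t read32l(const uint8_t *p) {
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    int32_t s;
    memcpy(&s, &v, sizeof s);
    return s;
}

/* Weak check: upper bound only. A negative length compares as "small" and
 * is accepted; used later as a size_t it becomes a huge copy size. */
int weak_len_ok(const uint8_t *field) {
    return read32l(field) <= SAMPLE_BUF_MAX;
}

/* Hardened check: reject negatives first, then bound the length by both
 * the destination capacity and the bytes remaining in the input. */
int strict_len_ok(const uint8_t *field, size_t input_left) {
    int32_t len = read32l(field);
    if (len < 0) return 0;
    return (size_t)len <= SAMPLE_BUF_MAX && (size_t)len <= input_left;
}

/* Copy a length-prefixed record using the hardened check only.
 * Returns the number of bytes copied, or -1 if the record is rejected. */
int copy_sample(uint8_t *dst, const uint8_t *in, size_t in_size) {
    if (in_size < 4 || !strict_len_ok(in, in_size - 4)) return -1;
    int32_t len = read32l(in);
    memcpy(dst, in + 4, (size_t)len);
    return len;
}

int main(void) {
    /* Constructed inputs: a length of -16 and a valid length of 4. */
    const uint8_t neg[8] = {0xF0, 0xFF, 0xFF, 0xFF, 1, 2, 3, 4};
    const uint8_t ok[8]  = {0x04, 0x00, 0x00, 0x00, 1, 2, 3, 4};
    uint8_t dst[SAMPLE_BUF_MAX];
    printf("weak accepts -16: %d\n", weak_len_ok(neg));
    printf("strict accepts -16: %d\n", strict_len_ok(neg, 4));
    printf("copy valid: %d, copy negative: %d\n",
           copy_sample(dst, ok, 8), copy_sample(dst, neg, 8));
    return 0;
}
```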
Thanks for the report. I'm working on an update.
xmp-2.7.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/xmp-2.7.1-1.fc11
xmp-2.7.1-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xmp-2.7.1-1.fc10
xmp-2.7.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
xmp-2.7.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.