Common Vulnerabilities and Exposures assigned an identifier CVE-200-6732 to the following vulnerability:

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c in Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

References:
-----------
http://aluigi.altervista.org/adv/xmpbof-adv.txt
http://www.securityfocus.com/bid/27047
http://www.vupen.com/english/advisories/2008/0009

PoC:
---
http://aluigi.org/poc/xmpbof.zip (a.out 2 out.dtt)

Upstream status -- issue addressed in xmp-2.6.0:
-------------------------------------------------
http://sourceforge.net/project/shownotes.php?group_id=26422&release_id=692238

Credit:
-------
Luigi Auriemma
This issue affects the versions of the xmp package as shipped with Fedora releases 10 and 11 (xmp-2.5.1-3.fc10 and xmp-2.5.1-4.fc11). Please fix.
Thanks for the report. I'm working on an update.
xmp-2.7.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/xmp-2.7.1-1.fc11
xmp-2.7.1-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/xmp-2.7.1-1.fc10
xmp-2.7.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
xmp-2.7.1-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.