CVE-2007-6720

Published Jan 20, 2009

Last updated 8 years ago

CVSS info 4.3

Overview

Description: libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Vendor comments

Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6720 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "436CE81E-616B-40E4-825A-961EC9672896"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1C4E395-10DE-42A4-830C-803CE1F79F7A"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4593CEA9-5661-4F3C-B38B-369FD2043D7F"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D05D8EDA-FE5E-483A-AC78-DAFE129705C5"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CA7EDD1-5C30-41E8-B93A-F2C5FA754F64"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.9-6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0F92EE1-D5F8-47A3-B674-A593A7829DD0"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F1448EB-FDFC-434A-ACE9-F6CC52B523E6"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6B9F0C8-15C0-47BF-AE69-2216A65D1D48"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0524F58-BC45-4A81-BB99-F09F03047665"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA48214A-CF42-4378-A422-803EDE5632CF"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.10-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F08B9B6-0CCD-4388-B33A-98F6A65FAEF0"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A0D92BE-E4F7-42CF-AA61-71CD46319E2E"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "563D3D39-DAFB-4F0C-BCBB-917C5082137F"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA98B82C-B0BD-4546-8047-63ECDCA27B4B"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE994EED-EA67-4A52-9AAD-30259DCD8C1E"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB091C37-6020-4202-AC51-B597C2890E68"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.11-6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F88BF46A-B01D-4D8E-8BFF-6E864EBA5FE8"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31AA2232-8FB5-4BA3-BBB1-B54443C2D57C"
          },
          {
            "criteria": "cpe:2.3:a:igno_saitz:libmikmod:3.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B88DA6E-D815-4904-AE07-5C54E72057AA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References