VDB
CVE-2007-6720
CVE-2007-6720
PUBLISHED
CVSS 4.300000190734863 MEDIUM
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers to cause a denial of service (application crash) by loading multiple songs (aka MOD files) with different numbers of channels.
EPSS 1.11% · 78.5th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
1.11%
78.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| igno_saitz | libmikmod | 3.1.9-1, 3.1.9-5, 3.1.9-4 |
| n/a | n/a | n/a |
Exploit Intelligence
- 34259 (circl)
- 33235 (circl)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422021 (circl)
- FEDORA-2009-9095 (circl)
- SUSE-SR:2009:006 (circl)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (circl)
- FEDORA-2009-9112 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=479829 (circl)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519 (circl)
- [oss-security] 20090113 CVE Request -- libmikmod (circl)
Timeline
- Jan 20, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 1, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 34259 third-party-advisory
- 33235 vdb
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422021 url
- FEDORA-2009-9095 vendor-advisory
- SUSE-SR:2009:006 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
- FEDORA-2009-9112 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=479829 url
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461519 url
- [oss-security] 20090113 CVE Request -- libmikmod mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2007-6720 advisory