Vulnerability Details : CVE-2006-3582
Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-3582
- cpe:2.3:a:audacious_media_player_team:adplug:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3582
- 11.05%: Probability of exploitation activity in the next 30 days
- ~ 95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3582
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
CWE ids for CVE-2006-3582
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3582
- http://security.gentoo.org/glsa/glsa-200609-06.xml
  AdPlug: Multiple vulnerabilities (GLSA 200609-06) — Gentoo security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27670
  AdPlug DMO file buffer overflow CVE-2006-3582 Vulnerability Report
- http://www.securityfocus.com/archive/1/439432/100/100/threaded
- http://www.securityfocus.com/bid/18859
  Exploit
- http://www.vupen.com/english/advisories/2006/2697
  Site under construction
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27677
  AdPlug U6M file buffer overflow CVE-2006-3582 Vulnerability Report
- http://adplug.cvs.sourceforge.net/adplug/adplug/src/cff.cpp?r1=1.16&r2=1.17
  CVS Info for project adplug
- http://security.gentoo.org/glsa/glsa-200607-13.xml
  Audacious: Multiple heap and buffer overflows (GLSA 200607-13) — Gentoo security
- http://aluigi.altervista.org/adv/adplugbof-adv.txt
  Exploit; Vendor Advisory