CVE-2005-0020

Current Description

Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

Basic Data

PublishedApril 14, 2005
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
SeverityHIGH
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationPlaymidiPlaymidi2.3.1*******
    2.3ApplicationPlaymidiPlaymidi2.3.2*******
    2.3ApplicationPlaymidiPlaymidi2.3.3*******
    2.3ApplicationPlaymidiPlaymidi2.3.4*******
    2.3ApplicationPlaymidiPlaymidi2.3.5*******
    2.3ApplicationPlaymidiPlaymidi2.3.6*******
    2.3ApplicationPlaymidiPlaymidi2.3.7*******
    2.3ApplicationPlaymidiPlaymidi2.3.8*******
    2.3ApplicationPlaymidiPlaymidi2.3.9*******
    2.3ApplicationPlaymidiPlaymidi2.3.10*******
    2.3ApplicationPlaymidiPlaymidi2.3.11*******
    2.3ApplicationPlaymidiPlaymidi2.3.12*******
    2.3ApplicationPlaymidiPlaymidi2.3.13*******
    2.3ApplicationPlaymidiPlaymidi2.3.14*******
    2.3ApplicationPlaymidiPlaymidi2.3.15*******
    2.3ApplicationPlaymidiPlaymidi2.3.16*******
    2.3ApplicationPlaymidiPlaymidi2.3.17*******
    2.3ApplicationPlaymidiPlaymidi2.3.18*******
    2.3ApplicationPlaymidiPlaymidi2.3.19*******
    2.3ApplicationPlaymidiPlaymidi2.3.20*******
    2.3ApplicationPlaymidiPlaymidi2.3.21*******
    2.3ApplicationPlaymidiPlaymidi2.3.22*******
    2.3ApplicationPlaymidiPlaymidi2.3.23*******
    2.3ApplicationPlaymidiPlaymidi2.3.24*******
    2.3ApplicationPlaymidiPlaymidi2.3.25*******
    2.3ApplicationPlaymidiPlaymidi2.3.25.1*******
    2.3ApplicationPlaymidiPlaymidi2.3.26*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSMandrakesoftMandrake Linux10.0*******
    2.3OSMandrakesoftMandrake Linux10.0*amd64*****
    2.3OSMandrakesoftMandrake Linux10.1*******
    2.3OSMandrakesoftMandrake Linux10.1*x86_64*****
    2.3OSMandrakesoftMandrake Linux Corporate Server3.0*******

Vulnerable Software List

VendorProductVersions
Playmidi Playmidi 2.3.1, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.15, 2.3.16, 2.3.17, 2.3.18, 2.3.19, 2.3.2, 2.3.20, 2.3.21, 2.3.22, 2.3.23, 2.3.24, 2.3.25, 2.3.25.1, 2.3.26, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9
Mandrakesoft Mandrake Linux 10.0, 10.1
Mandrakesoft Mandrake Linux Corporate Server 3.0

References

NameSourceURLTags
13828http://secunia.com/advisories/13828SECUNIA
13890http://secunia.com/advisories/13890SECUNIA
13898http://secunia.com/advisories/13898SECUNIA
1012957http://securitytracker.com/id?1012957SECTRACK
DSA-641http://www.debian.org/security/2005/dsa-641DEBIANPatch Vendor Advisory
MDKSA-2005:010http://www.mandriva.com/security/advisories?name=MDKSA-2005:010MANDRAKE
13049http://www.osvdb.org/13049OSVDB
12274http://www.securityfocus.com/bid/12274BID
playmidi-bo(18933)https://exchange.xforce.ibmcloud.com/vulnerabilities/18933XF