Vulnerability Name:

CVE-2006-1514 (CCN-30139)

Assigned:2006-04-26
Published:2006-04-26
Updated:2011-03-08
Summary:Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: abcMIDI Web page
abcMIDI

Source: MITRE
Type: CNA
CVE-2006-1514

Source: CCN
Type: SA19826
abcmidi ABC Music File Handling Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
19826

Source: SECUNIA
Type: Patch, Vendor Advisory
19829

Source: DEBIAN
Type: Patch
DSA-1043

Source: DEBIAN
Type: DSA-1043
abcmidi -- buffer overflows

Source: OSVDB
Type: Patch
24974

Source: CCN
Type: OSVDB ID: 24974
abcMIDI ABC Music File Handling Overflow

Source: BID
Type: UNKNOWN
17704

Source: CCN
Type: BID-17704
ABCMIDI ABC Music Files Remote Buffer Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1531

Source: XF
Type: UNKNOWN
abcmidi-drawtune-bo(30139)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:abcmidi:abcmidi:2004-12-04:*:*:*:*:*:*:*
  • OR cpe:/a:abcmidi:abcmidi:2005-01-01:*:*:*:*:*:*:*
  • OR cpe:/a:abcmidi:abcmidi:*:*:*:*:*:*:*:* (Version <= 2006-04-22)

  • * Denotes that component is vulnerable
    Oval Definitions:
    Definition ID: oval:org.debian:def:1043
    Class: V
    Title: buffer overflows
    Last Modified: 2006-04-26
    abcmidi abcmidi 2004-12-04
    abcmidi abcmidi 2005-01-01
    abcmidi abcmidi *