Anon Sricharoenchai

#48589 of 53,635
5.1 CVSS total
Vulnerabilities · 1
PT-2006-3175
5.1
2006-06-27
Libmms · Libmms · CVE-2006-2200
**Name of the Vulnerable Software and Affected Versions**

MiMMS version 0.0.9; xine-lib versions 1.1.0 and earlier

**Description**

The issue is a stack-based buffer overflow in libmms, which can be exploited by remote attackers to cause a denial of service, potentially leading to application crashes, and possibly allowing the execution of arbitrary code. This can occur through various functions, including `send_command()`, `string_utf16()`, `get_data()`, and `get_media_packet()`, as well as possibly other functions.

**Recommendations**

For MiMMS version 0.0.9, consider disabling the `send_command()`, `string_utf16()`, `get_data()`, and `get_media_packet()` functions as a temporary workaround until a patch is available.

For xine-lib versions 1.1.0 and earlier, restrict access to the vulnerable libmms module to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.