Home

Description

Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-20 | Updated 2025-08-20 | Assigner VulnCheck




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status
unknown

*
affected

Credits

hadji samir finder

References

raw.githubusercontent.com/...s/fileformat/xion_m3u_sehbof.rb exploit

www.exploit-db.com/exploits/14517 exploit

www.exploit-db.com/exploits/14633 exploit

www.exploit-db.com/exploits/15598 exploit

www.exploit-db.com/exploits/16653 exploit

www.r2.com.au/page/products/download/xion-audio-player/ product

www.vulncheck.com/...io-player-unicode-stack-buffer-overflow third-party-advisory

cve.org (CVE-2010-20042)

nvd.nist.gov (CVE-2010-20042)

Download JSON