Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-85bm-wc5z-ykg4
Vulnerability ID VCID-85bm-wc5z-ykg4
Aliases CVE-2007-4396
Summary Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.01848 https://api.first.org/data/v1/epss?cve=CVE-2007-4396
epss 0.01848 https://api.first.org/data/v1/epss?cve=CVE-2007-4396
epss 0.01848 https://api.first.org/data/v1/epss?cve=CVE-2007-4396
epss 0.01848 https://api.first.org/data/v1/epss?cve=CVE-2007-4396
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2007-4396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4396
439840 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439840
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.83406
EPSS Score 0.01848
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:03.541024+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0