Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-z45c-4rt6-jqc9
Vulnerability ID VCID-z45c-4rt6-jqc9
Aliases CVE-2007-4398
Summary Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.02115 https://api.first.org/data/v1/epss?cve=CVE-2007-4398
epss 0.02115 https://api.first.org/data/v1/epss?cve=CVE-2007-4398
epss 0.02115 https://api.first.org/data/v1/epss?cve=CVE-2007-4398
epss 0.02115 https://api.first.org/data/v1/epss?cve=CVE-2007-4398
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2007-4398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4398
439839 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439839
439840 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=439840
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.84485
EPSS Score 0.02115
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:24:03.556798+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0