CVE-2004-0386
published 2004-05-04CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
PriorityP351critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
26.98%
97.8th percentile
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 1.0~pre6a-1 (bookworm) | mplayer 1.0~pre6a-1 (bookworm) |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| gentoo | linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
| mplayer | mplayer | >= 0 < 1.0~pre6a-1 | 1.0~pre6a-1 |
CVSS provenance
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2004-0386: mplayer - Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0....
vendor_debian·2004·CVSS 10.0
CVE-2004-0386 [CRITICAL] CVE-2004-0386: mplayer - Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0....
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
Scope: local
bookworm: resolved (fixed in 1.0~pre6a-1)
bullseye: resolved (fixed in 1.0~pre6a-1)
forky: resolved (fixed in 1.0~pre6a-1)
sid: resolved (fixed in 1.0~pre6a-1)
trixie: resolved (fixed in 1.0~pre6a-1)
GHSA
GHSA-qpvf-9394-g8pr: Buffer overflow in the HTTP parser for MPlayer 1
ghsa_unreviewed·2022-04-29
CVE-2004-0386 [HIGH] GHSA-qpvf-9394-g8pr: Buffer overflow in the HTTP parser for MPlayer 1
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
OSV
CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1
osv·2004-05-04·CVSS 10.0
CVE-2004-0386 [CRITICAL] CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108067020624076&w=2http://secunia.com/advisories/11259http://security.gentoo.org/glsa/glsa-200403-13.xmlhttp://www.kb.cert.org/vuls/id/723910http://www.mandriva.com/security/advisories?name=MDKSA-2004:026http://www.mplayerhq.hu/homepage/design6/news.htmlhttp://www.securityfocus.com/archive/1/359025http://www.securityfocus.com/bid/10008https://exchange.xforce.ibmcloud.com/vulnerabilities/15675http://marc.info/?l=bugtraq&m=108067020624076&w=2http://secunia.com/advisories/11259http://security.gentoo.org/glsa/glsa-200403-13.xmlhttp://www.kb.cert.org/vuls/id/723910http://www.mandriva.com/security/advisories?name=MDKSA-2004:026http://www.mplayerhq.hu/homepage/design6/news.htmlhttp://www.securityfocus.com/archive/1/359025http://www.securityfocus.com/bid/10008https://exchange.xforce.ibmcloud.com/vulnerabilities/15675
2004-05-04
Published