CVE-2004-1309 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

5.5%

top 9.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer Mplayer Unix Mplayer

Timeline

PublishedJan 10

Latest updateApr 29

Description

Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmplayer/unix_mplayer1.0_pre5

▶debiandebian/mplayer< mplayer 1.0~pre6a-1 (bookworm)

▶Debianmplayer/mplayer< 1.0~pre6a-1+3

🔴Vulnerability Details

GHSA

GHSA-xxfg-v7qr-vxwh: Heap-based buffer overflow in the demux_open_bmp function in demux_bmp↗2022-04-29

▶

OSV

CVE-2004-1309: Heap-based buffer overflow in the demux_open_bmp function in demux_bmp↗2005-01-10

▶

📋Vendor Advisories

Debian

CVE-2004-1309: mplayer - Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Uni...↗2004

▶