CVE-2007-1246 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

7.6HIGHNVD

NVD6.8

EPSS

9.3%

top 7.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedMar 3

Latest updateMay 1

Description

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc1-13 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc1-13+3

▶NVDmplayer/mplayer1.0_rc1

Patches

Patch: svn.mplayerhq.hu ↗Patch: svn.mplayerhq.hu ↗

🔴Vulnerability Details

GHSA

GHSA-p2g2-cx5m-mpwf: The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder↗2022-05-01

▶

GHSA

GHSA-756r-25x7-3hx6: The DirectShow loader (loader/dshow/DS_VideoDecoder↗2022-05-01

▶

OSV

CVE-2007-1387: The DirectShow loader (loader/dshow/DS_VideoDecoder↗2007-03-13

▶

OSV

CVE-2007-1246: The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder↗2007-03-03

▶

📋Vendor Advisories

Ubuntu

Xine vulnerability↗2007-03-09

▶

Debian

CVE-2007-1387: mplayer - The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and ear...↗2007

▶

Debian

CVE-2007-1246: mplayer - The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1...↗2007

▶

💬Community

Bugzilla

CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows↗2007-03-10

▶