CVE-2007-2948 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

13.2%

top 5.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedJun 7

Latest updateMay 1

Description

Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc1-14 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc1-14+3

▶NVDmplayer/mplayer1.0_rc1

Patches

Patch: lists.mplayerhq.hu ↗Patch: secunia.com ↗Patch: lists.mplayerhq.hu ↗

🔴Vulnerability Details

GHSA

GHSA-mq47-wx4f-vq7g: Multiple stack-based buffer overflows in stream/stream_cddb↗2022-05-01

▶

OSV

CVE-2007-2948: Multiple stack-based buffer overflows in stream/stream_cddb↗2007-06-07

▶

📋Vendor Advisories

Debian

CVE-2007-2948: mplayer - Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before ...↗2007

▶