Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-4938 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents5 sources

Severity

7.6HIGHNVD

NVD4.3

EPSS

10.0%

top 6.93%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mplayer Debian Mplayer

Timeline

PublishedSep 18

Latest updateMay 1

Description

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc3+svn20100502-1 (bookworm)+1

▶Debianmplayer/mplayer< 1.0~rc3+svn20100502-1+7

▶NVDmplayer/mplayer1.0_rc1+20

🔴Vulnerability Details

GHSA

GHSA-cm2q-rjp7-2xcv: Heap-based buffer overflow in libmpdemux/aviheader↗2022-05-01

▶

GHSA

GHSA-r35q-7952-c6qv: MPlayer, possibly 1↗2022-05-01

▶

OSV

CVE-2007-6718: MPlayer, possibly 1↗2008-10-20

▶

OSV

CVE-2007-4938: Heap-based buffer overflow in libmpdemux/aviheader↗2007-09-18

▶

💥Exploits & PoCs

Exploit-DB

MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow↗2007-09-12

▶

📋Vendor Advisories

Debian

CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (...↗2007

▶

Debian

CVE-2007-4938: mplayer - Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earli...↗2007

▶