cbcvebase.
CVE-2007-4938
published 2007-09-18

CVE-2007-4938: Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or…

PriorityP346high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
16.05%
96.5th percentile
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Affected

31 ranges· showing 25
VendorProductVersion rangeFixed in
debianmplayer< mplayer 1.0~rc3+svn20100502-1 (bookworm)mplayer 1.0~rc3+svn20100502-1 (bookworm)
debianmplayer< mplayer 1.0~rc1-16.1 (bookworm)mplayer 1.0~rc1-16.1 (bookworm)
mplayermplayer<= 1.0_rc1
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer
mplayermplayer>= 0 < 1.0~rc3+svn20100502-11.0~rc3+svn20100502-1
mplayermplayer>= 0 < 1.0~rc1-16.11.0~rc1-16.1

CVSS provenance

nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH
vendor_debian7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.