CVE-2007-4938
published 2007-09-18CVE-2007-4938: Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or…
PriorityP346high7.6CVSS 2.0
AVNACHAuNCCICAC
EXPLOIT
EPSS
16.05%
96.5th percentile
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 1.0~rc3+svn20100502-1 (bookworm) | mplayer 1.0~rc3+svn20100502-1 (bookworm) |
| debian | mplayer | < mplayer 1.0~rc1-16.1 (bookworm) | mplayer 1.0~rc1-16.1 (bookworm) |
| mplayer | mplayer | <= 1.0_rc1 | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | >= 0 < 1.0~rc3+svn20100502-1 | 1.0~rc3+svn20100502-1 |
| mplayer | mplayer | >= 0 < 1.0~rc1-16.1 | 1.0~rc1-16.1 |
CVSS provenance
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH
vendor_debian7.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (...
vendor_debian·2007·CVSS 7.6
CVE-2007-6718 [HIGH] CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (...
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
Scope: lo
Debian
CVE-2007-4938: mplayer - Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earli...
vendor_debian·2007·CVSS 7.6
CVE-2007-4938 [HIGH] CVE-2007-4938: mplayer - Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earli...
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
Scope: local
bookworm: resolved (fixed in 1.0~rc1-16.1)
bullseye: resolved (fixed in 1.0~rc1-16.1)
forky: resolved (fixed in 1.0~rc1-16.1)
sid: resolved (fixed in 1.0~rc1-16.1)
trixie: resolved (fixed in 1.0~rc1-16.1)
GHSA
GHSA-cm2q-rjp7-2xcv: Heap-based buffer overflow in libmpdemux/aviheader
ghsa_unreviewed·2022-05-01
CVE-2007-4938 [HIGH] CWE-119 GHSA-cm2q-rjp7-2xcv: Heap-based buffer overflow in libmpdemux/aviheader
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
GHSA
GHSA-r35q-7952-c6qv: MPlayer, possibly 1
ghsa_unreviewed·2022-05-01·CVSS 7.6
CVE-2007-6718 [HIGH] GHSA-r35q-7952-c6qv: MPlayer, possibly 1
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
OSV
CVE-2007-6718: MPlayer, possibly 1
osv·2008-10-20·CVSS 7.6
CVE-2007-6718 [HIGH] CVE-2007-6718: MPlayer, possibly 1
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
OSV
CVE-2007-4938: Heap-based buffer overflow in libmpdemux/aviheader
osv·2007-09-18·CVSS 7.6
CVE-2007-4938 [HIGH] CVE-2007-4938: Heap-based buffer overflow in libmpdemux/aviheader
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/45940http://secunia.com/advisories/27016http://securityreason.com/securityalert/3144http://www.mandriva.com/security/advisories?name=MDKSA-2007:192http://www.securityfocus.com/archive/1/479222/100/0/threadedhttp://www.securityfocus.com/bid/25648http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/36581http://osvdb.org/45940http://secunia.com/advisories/27016http://securityreason.com/securityalert/3144http://www.mandriva.com/security/advisories?name=MDKSA-2007:192http://www.securityfocus.com/archive/1/479222/100/0/threadedhttp://www.securityfocus.com/bid/25648http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/36581
2007-09-18
Published