CVE-2007-4940 — Media Player Classic vulnerability

CWE-1893 documents3 sources

Severity

9.3CRITICALNVD

EPSS

2.6%

top 14.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Guliverkli Media Player Classic Mympc Cd-storm Verycd Stormplayer

Timeline

PublishedSep 18

Latest updateMay 1

Description

Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDguliverkli/media_player_classic6.4.9.0

▶NVDverycd/stormplayer1.0.4

▶NVDmympc/cd-storm1.0.0.1

🔴Vulnerability Details

GHSA

GHSA-j8mf-vg8w-fx4p: Multiple integer overflows in Media Player Classic (MPC) 6↗2022-05-01

▶

CVEList

CVE-2007-4940: Multiple integer overflows in Media Player Classic (MPC) 6↗2007-09-18

▶