CVE-2007-6718 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents5 sources
Severity
5.0MEDIUMNVD
NVD4.3OSV7.6OSV4.3
EPSS
0.4%
top 36.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 20
Latest updateMay 17
Description
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplay…
CVSS vector
AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9
Affected Packages5 packages
🔴Vulnerability Details
4GHSA▶
GHSA-w3rv-993w-f388: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc↗2022-05-17
OSV▶
CVE-2008-4610: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc↗2008-10-20