cbcvebase.
CVE-2008-0485
published 2008-02-05

CVE-2008-0485: Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with…

PriorityP351critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
8.88%
94.6th percentile
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianmplayer< mplayer 1.0~rc2-8 (bookworm)mplayer 1.0~rc2-8 (bookworm)
mplayermplayer<= 1.02rc2
mplayermplayer>= 0 < 1.0~rc2-81.0~rc2-8
mplayermplayer>= 0 < 1.0~rc2-81.0~rc2-8
mplayermplayer>= 0 < 1.0~rc2-81.0~rc2-8
mplayermplayer>= 0 < 1.0~rc2-81.0~rc2-8

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.