CVE-2008-0485
published 2008-02-05
CVE-2008-0485: Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with…
Priority P351 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.88% (94.6th percentile)
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 1.0~rc2-8 (bookworm) | mplayer 1.0~rc2-8 (bookworm) |
| mplayer | mplayer | <= 1.02rc2 | — |
| mplayer | mplayer | >= 0 < 1.0~rc2-8 | 1.0~rc2-8 |
| mplayer | mplayer | >= 0 < 1.0~rc2-8 | 1.0~rc2-8 |
| mplayer | mplayer | >= 0 < 1.0~rc2-8 | 1.0~rc2-8 |
| mplayer | mplayer | >= 0 < 1.0~rc2-8 | 1.0~rc2-8 |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 · CRITICAL
vendor_debian · 9.3 · CRITICAL
GHSA
GHSA-gff7-c3px-752j: Array index error in libmpdemux/demux_mov
ghsa_unreviewed·2022-05-01
CVE-2008-0485 [HIGH] GHSA-gff7-c3px-752j: Array index error in libmpdemux/demux_mov
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
OSV
CVE-2008-0485: Array index error in libmpdemux/demux_mov
osv·2008-02-05·CVSS 9.3
CVE-2008-0485 [CRITICAL] CVE-2008-0485: Array index error in libmpdemux/demux_mov
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
Debian
CVE-2008-0485: mplayer - Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might...
vendor_debian·2008·CVSS 9.3
CVE-2008-0485 [CRITICAL] CVE-2008-0485: mplayer - Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might...
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
Scope: local
bookworm: resolved (fixed in 1.0~rc2-8)
bullseye: resolved (fixed in 1.0~rc2-8)
forky: resolved (fixed in 1.0~rc2-8)
sid: resolved (fixed in 1.0~rc2-8)
trixie: resolved (fixed in 1.0~rc2-8)
No detection rules found.
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
bugzilla·2009-02-09·CVSS 7.1
CVE-2008-4437 [HIGH] CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=484756,
---
Correct update submission URL is:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&bugs=484756,CVE-2008-6098,CVE-2009-0481,CVE-2009-0482,CVE-2009-0483,CVE-2009-0484,CVE-2009-0485,CVE-2009-0486
---
*** Bug 465959 has been marked as a duplicate of this bug. ***
---
CVE-2008-4437 fixed in upstream 3.0.5 is still unfixed too, adding it to this tracking bug
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
bugzilla·2009-02-09·CVSS 7.1
CVE-2008-4437 [HIGH] CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
F9 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=484757,
---
Correct update submission URL is:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&bugs=484757,CVE-2008-6098,CVE-2009-0481,CVE-2009-0482,CVE-2009-0483,CVE-2009-0484,CVE-2009-0485,CVE-2009-0486
---
*** Bug 465958 has been marked as a duplicate of this bug. ***
---
CVE-2008-4437 fixed in upstream 3.0.5 is still unfixed too, adding it to this tracking bug, u
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html
http://secunia.com/advisories/28779
http://secunia.com/advisories/28955
http://secunia.com/advisories/28956
http://secunia.com/advisories/29307
http://security.gentoo.org/glsa/glsa-200803-16.xml
http://securityreason.com/securityalert/3607
http://www.coresecurity.com/?action=item&id=2102
http://www.debian.org/security/2008/dsa-1496
http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
http://www.mplayerhq.hu/design7/news.html
http://www.securityfocus.com/archive/1/487500/100/0/threaded
http://www.securityfocus.com/bid/27499
http://www.securitytracker.com/id?1019299
http://www.vupen.com/english/advisories/2008/0406/references
Published: 2008-02-05