Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0485 — Mplayer vulnerability

CWE-1897 documents6 sources

Severity

9.3CRITICALNVD

EPSS

16.3%

top 5.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mplayer Debian Mplayer

Timeline

PublishedFeb 5

Latest updateMay 1

Description

Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc2-8 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-8+3

▶NVDmplayer/mplayer1.02rc2

🔴Vulnerability Details

GHSA

GHSA-gff7-c3px-752j: Array index error in libmpdemux/demux_mov↗2022-05-01

▶

OSV

CVE-2008-0485: Array index error in libmpdemux/demux_mov↗2008-02-05

▶

💥Exploits & PoCs

Exploit-DB

MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution↗2008-02-04

▶

📋Vendor Advisories

Debian

CVE-2008-0485: mplayer - Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might...↗2008

▶

💬Community

Bugzilla

CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]↗2009-02-09

▶

Bugzilla

CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]↗2009-02-09

▶