CVE-2008-0486Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-18910 documents8 sources
Severity
7.5HIGHNVD
EPSS
4.6%
top 10.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MplayerXine Xine-lib
Timeline
PublishedFeb 5
Latest updateMay 1

Description

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Debianmplayer/mplayer< 1.0~rc2-8+3
NVDxine/xine-lib1.1.10
NVDmplayer/mplayer1.02rc2

🔴Vulnerability Details

3
GHSA
GHSA-q27c-cfcq-96m5: Array index vulnerability in libmpdemux/demux_audio2022-05-01
OSV
CVE-2008-0486: Array index vulnerability in libmpdemux/demux_audio2008-02-05
CVEList
CVE-2008-0486: Array index vulnerability in libmpdemux/demux_audio2008-02-05

📋Vendor Advisories

3
Ubuntu
xine-lib vulnerabilities2008-08-06
Red Hat
mplayer: array indexing vulnerability in FLAC parsing code2008-02-04
Debian
CVE-2008-0486: mplayer - Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN ...2008

💬Community

3
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]2009-02-09
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]2009-02-09
Bugzilla
CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code2008-02-05
CVE-2008-0486 — Mplayer vulnerability | cvebase