CVE-2008-0486
published 2008-02-05CVE-2008-0486: Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
5.37%
91.6th percentile
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 1.0~rc3+svn20100502-1 (bookworm) | mplayer 1.0~rc3+svn20100502-1 (bookworm) |
| debian | mplayer | < mplayer 1.0~rc2-8 (bookworm) | mplayer 1.0~rc2-8 (bookworm) |
| mplayer | mplayer | <= 1.0_rc1 | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | — | — |
| mplayer | mplayer | >= 0 < 1.0~rc3+svn20100502-1 | 1.0~rc3+svn20100502-1 |
| mplayer | mplayer | >= 0 < 1.0~rc2-8 | 1.0~rc2-8 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.6HIGH
vendor_debian7.6LOW
vendor_redhat7.5HIGH
vendor_ubuntu6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
xine-lib vulnerabilities
vendor_ubuntu·2008-08-06·CVSS 6.8
CVE-2008-0073 [MEDIUM] xine-lib vulnerabilities
Title: xine-lib vulnerabilities
Summary: xine-lib vulnerabilities
Alin Rad Pop discovered an array index vulnerability in the SDP
parser. If a user or automated system were tricked into opening a
malicious RTSP stream, a remote attacker may be able to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-0073)
Luigi Auriemma discovered that xine-lib did not properly check
buffer sizes in the RTSP header-handling code. If xine-lib opened an
RTSP stream with crafted SDP attributes, a remote attacker may be
able to execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-0225, CVE-2008-0238)
Damian Frizza and Alfredo Ortega discovered that xine-lib did not
properly validate FLAC tags. If a user or automated system were
tricked
Red Hat
mplayer: array indexing vulnerability in FLAC parsing code
vendor_redhat·2008-02-04·CVSS 7.5
CVE-2008-0486 [HIGH] mplayer: array indexing vulnerability in FLAC parsing code
mplayer: array indexing vulnerability in FLAC parsing code
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Debian
CVE-2008-0486: mplayer - Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN ...
vendor_debian·2008·CVSS 7.5
CVE-2008-0486 [HIGH] CVE-2008-0486: mplayer - Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN ...
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Scope: local
bookworm: resolved (fixed in 1.0~rc2-8)
bullseye: resolved (fixed in 1.0~rc2-8)
forky: resolved (fixed in 1.0~rc2-8)
sid: resolved (fixed in 1.0~rc2-8)
trixie: resolved (fixed in 1.0~rc2-8)
Debian
CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (...
vendor_debian·2007·CVSS 7.6
CVE-2007-6718 [HIGH] CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (...
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
Scope: lo
GHSA
GHSA-r35q-7952-c6qv: MPlayer, possibly 1
ghsa_unreviewed·2022-05-01·CVSS 7.6
CVE-2007-6718 [HIGH] GHSA-r35q-7952-c6qv: MPlayer, possibly 1
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
GHSA
GHSA-q27c-cfcq-96m5: Array index vulnerability in libmpdemux/demux_audio
ghsa_unreviewed·2022-05-01
CVE-2008-0486 [HIGH] GHSA-q27c-cfcq-96m5: Array index vulnerability in libmpdemux/demux_audio
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
OSV
CVE-2007-6718: MPlayer, possibly 1
osv·2008-10-20·CVSS 7.6
CVE-2007-6718 [HIGH] CVE-2007-6718: MPlayer, possibly 1
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
OSV
CVE-2008-0486: Array index vulnerability in libmpdemux/demux_audio
osv·2008-02-05·CVSS 7.5
CVE-2008-0486 [HIGH] CVE-2008-0486: Array index vulnerability in libmpdemux/demux_audio
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
bugzilla·2009-02-09·CVSS 7.1
CVE-2008-4437 [HIGH] CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F10]
F10 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%2010&bugs=484756,
---
Correct update submission URL is:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&bugs=484756,CVE-2008-6098,CVE-2009-0481,CVE-2009-0482,CVE-2009-0483,CVE-2009-0484,CVE-2009-0485,CVE-2009-0486
---
*** Bug 465959 has been marked as a duplicate of this bug. ***
---
CVE-2008-4437 fixed in upstream 3.0.5 is still unfixed too, adding it to this tracking bug
Bugzilla
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
bugzilla·2009-02-09·CVSS 7.1
CVE-2008-4437 [HIGH] CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
CVE-2008-4437 CVE-2008-6098, CVE-2009-048[13456] bugzilla: multiple issues [F9]
F9 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
You can eventually use the following link to create the update request:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&release=Fedora%209&bugs=484757,
---
Correct update submission URL is:
https://admin.fedoraproject.org/updates/new/?request=Stable&type_=security&bugs=484757,CVE-2008-6098,CVE-2009-0481,CVE-2009-0482,CVE-2009-0483,CVE-2009-0484,CVE-2009-0485,CVE-2009-0486
---
*** Bug 465958 has been marked as a duplicate of this bug. ***
---
CVE-2008-4437 fixed in upstream 3.0.5 is still unfixed too, adding it to this tracking bug, u
Bugzilla
CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code
bugzilla·2008-02-05·CVSS 7.5
CVE-2008-0486 [HIGH] CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code
CVE-2008-0486 xine-lib / mplayer: array indexing vulnerability in FLAC parsing code
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0486 to the following vulnerability:
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
1.0rc2 and SVN before r25917, and possibly earlier versions, as used
in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
code via a crafted FLAC tag, which triggers a buffer overflow.
References:
http://www.securityfocus.com/archive/1/archive/1/487501/100/0/threaded
http://www.coresecurity.com/?action=item&id=2103
http://www.securityfocus.com/bid/27441
Discussion:
Patch in mplayer SVN:
http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_audio.c?r1=25911&r2=25917
For xine-lib, affected code seems to live in open_
http://bugs.gentoo.org/show_bug.cgi?id=209106http://bugs.xine-project.org/show_bug.cgi?id=38http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://secunia.com/advisories/28779http://secunia.com/advisories/28801http://secunia.com/advisories/28918http://secunia.com/advisories/28955http://secunia.com/advisories/28956http://secunia.com/advisories/28989http://secunia.com/advisories/29141http://secunia.com/advisories/29307http://secunia.com/advisories/29323http://secunia.com/advisories/29601http://secunia.com/advisories/31393http://security.gentoo.org/glsa/glsa-200802-12.xmlhttp://security.gentoo.org/glsa/glsa-200803-16.xmlhttp://securityreason.com/securityalert/3608http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735http://www.coresecurity.com/?action=item&id=2103http://www.debian.org/security/2008/dsa-1496http://www.debian.org/security/2008/dsa-1536http://www.mandriva.com/security/advisories?name=MDVSA-2008:045http://www.mandriva.com/security/advisories?name=MDVSA-2008:046http://www.mplayerhq.hu/design7/news.htmlhttp://www.securityfocus.com/archive/1/487501/100/0/threadedhttp://www.securityfocus.com/bid/27441http://www.ubuntu.com/usn/usn-635-1http://www.vupen.com/english/advisories/2008/0406/referenceshttp://www.vupen.com/english/advisories/2008/0421https://bugzilla.redhat.com/show_bug.cgi?id=431541https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=209106http://bugs.xine-project.org/show_bug.cgi?id=38http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.htmlhttp://secunia.com/advisories/28779http://secunia.com/advisories/28801http://secunia.com/advisories/28918http://secunia.com/advisories/28955http://secunia.com/advisories/28956http://secunia.com/advisories/28989http://secunia.com/advisories/29141http://secunia.com/advisories/29307http://secunia.com/advisories/29323http://secunia.com/advisories/29601http://secunia.com/advisories/31393http://security.gentoo.org/glsa/glsa-200802-12.xmlhttp://security.gentoo.org/glsa/glsa-200803-16.xmlhttp://securityreason.com/securityalert/3608http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735http://www.coresecurity.com/?action=item&id=2103http://www.debian.org/security/2008/dsa-1496http://www.debian.org/security/2008/dsa-1536http://www.mandriva.com/security/advisories?name=MDVSA-2008:045http://www.mandriva.com/security/advisories?name=MDVSA-2008:046http://www.mplayerhq.hu/design7/news.htmlhttp://www.securityfocus.com/archive/1/487501/100/0/threadedhttp://www.securityfocus.com/bid/27441http://www.ubuntu.com/usn/usn-635-1http://www.vupen.com/english/advisories/2008/0406/referenceshttp://www.vupen.com/english/advisories/2008/0421https://bugzilla.redhat.com/show_bug.cgi?id=431541https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00395.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00442.html
2008-02-05
Published