CVE-2008-0630 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

7.0%

top 8.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedFeb 6

Latest updateMay 1

Description

Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc2-8 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-8+3

▶NVDmplayer/mplayer1.02rc2

🔴Vulnerability Details

GHSA

GHSA-72r3-j5vh-qx4c: Buffer overflow in url↗2022-05-01

▶

OSV

CVE-2008-0630: Buffer overflow in url↗2008-02-06

▶

📋Vendor Advisories

Debian

CVE-2008-0630: mplayer - Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote a...↗2008

▶