Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1558 — Mplayer vulnerability

CWE-1895 documents5 sources

Severity

10.0CRITICALNVD

EPSS

21.9%

top 4.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mplayer Debian Mplayer

Timeline

PublishedMar 31

Latest updateMay 1

Description

Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc2-10 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-10+3

▶NVDmplayer/mplayer1.0_rc2

🔴Vulnerability Details

GHSA

GHSA-phwc-q98v-7w98: Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin↗2022-05-01

▶

OSV

CVE-2008-1558: Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin↗2008-03-31

▶

💥Exploits & PoCs

Exploit-DB

MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)↗2008-03-25

▶

📋Vendor Advisories

Debian

CVE-2008-1558: mplayer - Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdppli...↗2008

▶