CVE-2008-3827 — Integer Underflow (Wrap or Wraparound) in Mplayer

CWE-1894 documents4 sources

Severity

9.3CRITICALNVD

EPSS

3.6%

top 12.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedSep 29

Latest updateMay 2

Description

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc2-18 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-18+3

▶NVDmplayer/mplayer1.0_rc2+20

Patches

Patch: www.ocert.org ↗Patch: www.ocert.org ↗

🔴Vulnerability Details

GHSA

GHSA-qpf6-c2g5-gjpq: Multiple integer underflows in the Real demuxer (demux_real↗2022-05-02

▶

OSV

CVE-2008-3827: Multiple integer underflows in the Real demuxer (demux_real↗2008-09-29

▶

📋Vendor Advisories

Debian

CVE-2008-3827: mplayer - Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc...↗2008

▶