Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4610 — Mplayer vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

4.5%

top 10.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Ffmpeg Mplayer Debian Ffmpeg +1 more

Timeline

PublishedOct 20

Latest updateMay 17

Description

MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶debiandebian/mplayer< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-20+3

▶NVDmplayer/mplayer1.0_rc1+19

▶debiandebian/ffmpeg< ffmpeg 7:2.4.1-1 (bookworm)

▶Debianffmpeg/ffmpeg< 7:2.4.1-1+3

🔴Vulnerability Details

GHSA

GHSA-w3rv-993w-f388: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc↗2022-05-17

▶

OSV

CVE-2008-4610: MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc↗2008-10-20

▶

💥Exploits & PoCs

Exploit-DB

MPlayer - '.AAC' File Handling Denial of Service↗2008-10-07

▶

Exploit-DB

MPlayer - '.OGM' File Handling Denial of Service↗2008-10-07

▶

📋Vendor Advisories

Ubuntu

FFmpeg vulnerabilities↗2009-03-16

▶

Debian

CVE-2008-4610: ffmpeg - MPlayer allows remote attackers to cause a denial of service (application crash)...↗2008

▶