CVE-2008-5616 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

25.4%

top 3.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer

Timeline

PublishedDec 17

Latest updateMay 14

Description

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 1.0~rc2-19 (bookworm)

▶Debianmplayer/mplayer< 1.0~rc2-19+3

▶NVDmplayer/mplayer1.0_rc1+19

🔴Vulnerability Details

GHSA

GHSA-w9vw-r38j-pm48: Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf↗2022-05-14

▶

OSV

CVE-2008-5616: Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf↗2008-12-17

▶

📋Vendor Advisories

Debian

CVE-2008-5616: mplayer - Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_v...↗2008

▶