Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-3625 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mplayer

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.3CRITICALNVD

EPSS

68.1%

top 1.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mplayer Debian Mplayer Ricardo Villalba Smplayer

Timeline

PublishedJun 11

Latest updateMay 17

Description

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDricardo_villalba/smplayer0.6.9

▶debiandebian/mplayer< mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bookworm)

▶Debianmplayer/mplayer< 2:1.0~rc4.dfsg1+svn33713-2+3

Patches

Patch: git.mplayer2.org ↗Patch: git.mplayer2.org ↗

🔴Vulnerability Details

GHSA

GHSA-fv2g-q5cc-8667: Stack-based buffer overflow in the sub_read_line_sami function in subreader↗2022-05-17

▶

OSV

CVE-2011-3625: Stack-based buffer overflow in the sub_read_line_sami function in subreader↗2014-06-11

▶

💥Exploits & PoCs

Exploit-DB

MPlayer - '.SAMI' Subtitle File Buffer Overflow (Metasploit)↗2012-05-30

▶

Metasploit

MPlayer SAMI Subtitle File Buffer Overflow↗

▶

📋Vendor Advisories

Debian

CVE-2011-3625: mplayer - Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in...↗2011

▶