Debian Mplayer vulnerabilities

49 known vulnerabilities affecting debian/mplayer.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL11HIGH3MEDIUM11LOW24

Vulnerabilities

Page 1 of 3

CVE-2022-38861MEDIUMCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38861 [MEDIUM] CVE-2022-38861: mplayer - The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption... The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed in 2:1.5+svn38408-1) trixie: resolved (fixed in 2:1.5+

debian

CVE-2022-38864MEDIUMCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38864 [MEDIUM] CVE-2022-38864: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via the f... Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolv

debian

CVE-2022-38853LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38853 [MEDIUM] CVE-2022-38853: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct... Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: open forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed in 2:1.5+svn38408-1)

debian

CVE-2022-38855LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38855 [MEDIUM] CVE-2022-38855: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct... Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: r

debian

CVE-2022-38856LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38856 [MEDIUM] CVE-2022-38856: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct... Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: open forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed in 2:1.5+svn38408-1) trixi

debian

CVE-2022-38865LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38865 [MEDIUM] CVE-2022-38865: mplayer - Certain The MPlayer Project products are vulnerable to Divide By Zero via the fu... Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: r

debian

CVE-2022-38850LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38850 [MEDIUM] CVE-2022-38850: mplayer - The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero v... The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed in 2:1.5+svn38408-1) trixie: resolved (fixed in 2:1.5+svn

debian

CVE-2022-38858LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38858 [MEDIUM] CVE-2022-38858: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct... Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolve

debian

CVE-2022-38860LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38860 [MEDIUM] CVE-2022-38860: mplayer - Certain The MPlayer Project products are vulnerable to Divide By Zero via functi... Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn

debian

CVE-2022-38866LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38866 [MEDIUM] CVE-2022-38866: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_... Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed

debian

CVE-2022-38851LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38851 [MEDIUM] CVE-2022-38851: mplayer - Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via fu... Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:1.5+svn38408-1)

debian

CVE-2022-38600LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38600 [MEDIUM] CVE-2022-38600: mplayer - Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: open forky: resolved (fixed in 2:1.5+svn38408-1) sid: resolved (fixed in 2:1.5+svn38408-1) trixie: resolved (fixed in 2:1.5+svn38408-1)

debian

CVE-2022-38863LOWCVSS 5.5fixed in mplayer 2:1.5+svn38408-1 (bookworm)2022

CVE-2022-38863 [MEDIUM] CVE-2022-38863: mplayer - Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct... Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. Scope: local bookworm: resolved (fixed in 2:1.5+svn38408-1) bullseye: resolved (fixed in 2:1.4+ds1-1+deb11u1) forky: resolved (fixed in 2:

debian

CVE-2016-4352MEDIUMCVSS 5.5fixed in mplayer 2:1.3.0-2 (bookworm)2016

CVE-2016-4352 [MEDIUM] CVE-2016-4352: mplayer - Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer al... Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. Scope: local bookworm: resolved (fixed in 2:1.3.0-2) bullseye: resolved (fixed in 2:1.3.0-2) forky: resolved (fixed in 2:1.3.0-2) sid: resolved (fixed in 2:1.3.0-2) trixie: resolved (fixed in 2

debian

CVE-2013-6934LOWCVSS 7.52013

CVE-2013-6934 [HIGH] CVE-2013-6934: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201... The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vul

debian

CVE-2013-6933LOWCVSS 7.5fixed in mplayer 2:1.1.1+svn37434-1 (bookworm)2013

CVE-2013-6933 [HIGH] CVE-2013-6933: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201... The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, a

debian

CVE-2011-3625CRITICALCVSS 9.3PoCfixed in mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bookworm)2011

CVE-2011-3625 [CRITICAL] CVE-2011-3625: mplayer - Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in... Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file. Scope: local bookworm: resolved (fixed in 2:1.0~rc4.dfsg1+svn33713-2) bullseye: resolved (fixed in 2:1.0~rc4.

debian

CVE-2010-2062MEDIUMCVSS 7.5fixed in mplayer 2:1.0~rc3+svn20100502-3 (bookworm)2010

CVE-2010-2062 [HIGH] CVE-2010-2062: mplayer - Integer underflow in the real_get_rdt_chunk function in real.c, as used in modul... Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header. Scope: local bookworm: resolved (fixed in 2:1.0~rc3+svn20100502-3) bulls

debian

CVE-2009-0385CRITICALCVSS 9.3fixed in ffmpeg 0.svn20080206-16 (bookworm)2009

CVE-2009-0385 [CRITICAL] CVE-2009-0385: ffmpeg - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c... Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. Scope: local bookworm: resolved (fixed in 0.svn20080206-16) bullseye: resolved (fixed in 0.svn200

debian

CVE-2008-4866CRITICALCVSS 10.0fixed in ffmpeg 0.svn20080206-14 (bookworm)2008

CVE-2008-4866 [CRITICAL] CVE-2008-4866: ffmpeg - Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, ... Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. Scope: local bookworm: resolved (fixed in 0.svn20080206-14) bullseye: resolved (fixed in 0.svn20080206-14)

debian

1 / 3Next →