Mplayer
Sign in to watchby MPlayer
CVEs (28)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-0386 | 0.06 | — | 0.37 | May 4, 2004 | Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. | ||
| CVE-2008-1558 | 0.05 | — | 0.22 | Mar 31, 2008 | Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow. | ||
| CVE-2008-0485 | 0.04 | — | 0.16 | Feb 5, 2008 | Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. | ||
| CVE-2007-4938 | 0.04 | — | 0.10 | Sep 18, 2007 | Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | ||
| CVE-2003-0835 | 0.04 | — | 0.10 | Nov 17, 2003 | Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname. | ||
| CVE-2008-4610 | 0.03 | — | 0.05 | Oct 20, 2008 | MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. | ||
| CVE-2004-0659 | 0.03 | — | 0.04 | Aug 6, 2004 | Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name. | ||
| CVE-2008-5616 | 0.02 | — | 0.25 | Dec 17, 2008 | Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. | ||
| CVE-2008-0630 | 0.01 | — | 0.07 | Feb 6, 2008 | Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. | ||
| CVE-2007-2948 | 0.01 | — | 0.13 | Jun 7, 2007 | Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | ||
| CVE-2007-1246 | 0.01 | — | 0.09 | Mar 3, 2007 | The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. | ||
| CVE-2011-0723 | 0.00 | — | 0.01 | May 20, 2011 | FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file. | ||
| CVE-2007-6718 | 0.00 | — | 0.00 | Oct 20, 2008 | MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486. | ||
| CVE-2008-3827 | 0.00 | — | 0.04 | Sep 29, 2008 | Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. | ||
| CVE-2008-0629 | 0.00 | — | 0.03 | Feb 6, 2008 | Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. | ||
| CVE-2008-0486 | 0.00 | — | 0.05 | Feb 5, 2008 | Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. | ||
| CVE-2007-1387 | 0.00 | — | 0.05 | Mar 13, 2007 | The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. | ||
| CVE-2006-6172 | 0.00 | — | 0.04 | Nov 30, 2006 | Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. | ||
| CVE-2006-1502 | 0.00 | — | 0.04 | Mar 30, 2006 | Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. | ||
| CVE-2006-0579 | 0.00 | — | 0.04 | Feb 8, 2006 | Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
Page 1 of 2