VYPR

Mplayer

by MPlayer

CVEs (56)

  • CVE-2011-10008HigJul 31, 2025
    risk 0.64cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack…

  • CVE-2016-5115MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.01

    The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

  • CVE-2016-4352MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.

  • CVE-2011-3625Jun 11, 2014
    risk 0.05cvss epss 0.24

    Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.

  • CVE-2004-0386May 4, 2004
    risk 0.05cvss epss 0.27

    Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

  • CVE-2008-4610Oct 20, 2008
    risk 0.04cvss epss 0.09

    MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.

  • CVE-2008-1558Mar 31, 2008
    risk 0.04cvss epss 0.17

    Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.

  • CVE-2008-0485Feb 5, 2008
    risk 0.04cvss epss 0.09

    Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

  • CVE-2007-4938Sep 18, 2007
    risk 0.04cvss epss 0.16

    Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a…

  • CVE-2004-0659Aug 6, 2004
    risk 0.04cvss epss 0.16

    Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.

  • CVE-2003-0835Nov 17, 2003
    risk 0.03cvss epss 0.05

    Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.

  • CVE-2008-5616Dec 17, 2008
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

  • CVE-2008-3827Sep 29, 2008
    risk 0.01cvss epss 0.11

    Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or…

  • CVE-2026-12706Jun 19, 2026
    risk 0.00cvss epss 0.00

    A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker…

  • CVE-2020-19824Feb 17, 2023
    risk 0.00cvss epss 0.00

    An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.

  • CVE-2022-38600Sep 15, 2022
    risk 0.00cvss epss 0.00

    Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.

  • CVE-2022-38853Sep 15, 2022
    risk 0.00cvss epss 0.00

    Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

  • CVE-2022-38856Sep 15, 2022
    risk 0.00cvss epss 0.00

    Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

  • CVE-2022-38862Sep 15, 2022
    risk 0.00cvss epss 0.00

    Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

  • CVE-2022-38861Sep 15, 2022
    risk 0.00cvss epss 0.00

    The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.

Page 1 of 3