Mplayer
by MPlayer
CVEs (56)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-10008 | Hig | 0.64 | — | 0.01 | Jul 31, 2025 | A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack… | ||
| CVE-2016-5115 | Med | 0.36 | 5.5 | 0.01 | Feb 3, 2017 | The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | ||
| CVE-2016-4352 | Med | 0.36 | 5.5 | 0.01 | Feb 3, 2017 | Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file. | ||
| CVE-2011-3625 | 0.05 | — | 0.24 | Jun 11, 2014 | Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file. | |||
| CVE-2004-0386 | 0.05 | — | 0.27 | May 4, 2004 | Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. | |||
| CVE-2008-4610 | 0.04 | — | 0.09 | Oct 20, 2008 | MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. | |||
| CVE-2008-1558 | 0.04 | — | 0.17 | Mar 31, 2008 | Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow. | |||
| CVE-2008-0485 | 0.04 | — | 0.09 | Feb 5, 2008 | Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. | |||
| CVE-2007-4938 | 0.04 | — | 0.16 | Sep 18, 2007 | Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a… | |||
| CVE-2004-0659 | 0.04 | — | 0.16 | Aug 6, 2004 | Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name. | |||
| CVE-2003-0835 | 0.03 | — | 0.05 | Nov 17, 2003 | Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname. | |||
| CVE-2008-5616 | 0.01 | — | 0.08 | Dec 17, 2008 | Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. | |||
| CVE-2008-3827 | 0.01 | — | 0.11 | Sep 29, 2008 | Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or… | |||
| CVE-2026-12706 | 0.00 | — | 0.00 | Jun 19, 2026 | A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker… | |||
| CVE-2020-19824 | 0.00 | — | 0.00 | Feb 17, 2023 | An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter. | |||
| CVE-2022-38600 | 0.00 | — | 0.00 | Sep 15, 2022 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | |||
| CVE-2022-38853 | 0.00 | — | 0.00 | Sep 15, 2022 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||
| CVE-2022-38856 | 0.00 | — | 0.00 | Sep 15, 2022 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||
| CVE-2022-38862 | 0.00 | — | 0.00 | Sep 15, 2022 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | |||
| CVE-2022-38861 | 0.00 | — | 0.00 | Sep 15, 2022 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. |
- risk 0.64cvss —epss 0.01
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack…
- risk 0.36cvss 5.5epss 0.01
The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
- risk 0.36cvss 5.5epss 0.01
Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.
- CVE-2011-3625Jun 11, 2014risk 0.05cvss —epss 0.24
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.
- CVE-2004-0386May 4, 2004risk 0.05cvss —epss 0.27
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
- CVE-2008-4610Oct 20, 2008risk 0.04cvss —epss 0.09
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.
- CVE-2008-1558Mar 31, 2008risk 0.04cvss —epss 0.17
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.
- CVE-2008-0485Feb 5, 2008risk 0.04cvss —epss 0.09
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
- CVE-2007-4938Sep 18, 2007risk 0.04cvss —epss 0.16
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a…
- CVE-2004-0659Aug 6, 2004risk 0.04cvss —epss 0.16
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
- CVE-2003-0835Nov 17, 2003risk 0.03cvss —epss 0.05
Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname.
- CVE-2008-5616Dec 17, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
- CVE-2008-3827Sep 29, 2008risk 0.01cvss —epss 0.11
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or…
- CVE-2026-12706Jun 19, 2026risk 0.00cvss —epss 0.00
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker…
- CVE-2020-19824Feb 17, 2023risk 0.00cvss —epss 0.00
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.
- CVE-2022-38600Sep 15, 2022risk 0.00cvss —epss 0.00
Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.
- CVE-2022-38853Sep 15, 2022risk 0.00cvss —epss 0.00
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
- CVE-2022-38856Sep 15, 2022risk 0.00cvss —epss 0.00
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
- CVE-2022-38862Sep 15, 2022risk 0.00cvss —epss 0.00
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
- CVE-2022-38861Sep 15, 2022risk 0.00cvss —epss 0.00
The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.
Page 1 of 3