CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38858 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38858
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por medio de la función mov_build_index() del archivo libmpdemux/demux_mov.c. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 Multiple vulnerabilities have been discovered in MPlayer, t... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38860 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38860
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Algunos productos de The MPlayer Project son vulnerables a una división por cero por medio de la función demux_open_avi() del archivo libmpdemux/demux_avi.c que afecta a mencoder. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 It was discovered that MPl... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-38861 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38861
15 Sep 2022 — The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. The MPlayer Project mplayer versión SVN-r38374-13.0.1, es vulnerable a una corrupción de memoria por medio de la función free_mp_image() del archivo libmpcodecs/mp_image.c It was discovered that MPlayer could be made to divide by zero when processing certain malformed media files. If a user were tricked into opening a specially crafted media file, an attacker could possibl... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38863 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38863
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por medio de la función mp_getbits() del archivo libmpdemux/mpeg_hdr.c que afecta a mencoder y mplayer. Esto afecta a mecoder SVN-r38374-13.0.1 y mplayer SVN-r38374-13.0.1 It was discovered that... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38864 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38864
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por la función mp_unescape03() del archivo libmpdemux/mpeg_hdr.c. Esto afecta a mencoder SVN-r38374-13.0.1 y mplayer SVN-r38374-13.0.1 It was discovered that MPlayer could be made to divide by zero when processing certain... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38865 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38865
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables a la división por cero por medio de la función demux_avi_read_packet del archivo libmpdemux/demux_avi.c. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 It was discovered that MPlayer could be made to divide... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38866 – Gentoo Linux Security Advisory 202405-05
https://notcve.org/view.php?id=CVE-2022-38866
15 Sep 2022 — Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por medio de la función read_avi_header() del archivo libmpdemux/aviheader.c . Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 Multiple vulnerabilities have been discovered in MPlayer, the wors... • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-25047 – Ubuntu Security Notice USN-7158-1
https://notcve.org/view.php?id=CVE-2018-25047
14 Sep 2022 — In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be parameterized using GET or POST input parameters, could allow injection of JavaScript code by a user. En Smarty versiones anteriores a 3.1.47 y 4.x anteriores a 4.2.1, el archivo libs/plugins/function.mailto.php permite un ataque de tipo XSS. Una página web que usa smarty_function_mailto, y que pueda ser parametrizada usando parámetros de entrada GET o POS... • https://bugs.gentoo.org/870100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40674 – expat: a use-after-free in the doContent function in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-40674
14 Sep 2022 — libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. libexpat versiones anteriores a 2.4.9, presenta un uso de memoria previamente liberada en la función doContent en el archivo xmlparse.c A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed ... • https://github.com/libexpat/libexpat/pull/629 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-32886 – webkitgtk: buffer overflow issue was addressed with improved memory handling
https://notcve.org/view.php?id=CVE-2022-32886
13 Sep 2022 — A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de desbordamiento del búfer con un manejo de memoria mejorado. Este problema es corregido en Safari versión 16, iOS versión 16, iOS versión 15.7 y iPadOS versión 15.7. • http://seclists.org/fulldisclosure/2022/Oct/28 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •