CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-0629
https://notcve.org/view.php?id=CVE-2008-0629
06 Feb 2008 — Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. Desbordamiento de búfer en stream_cddb.c de MPlayer 1.0rc2 y SVN antes de r25824. Permite a atacantes remotos con la intervención del usuario ejecutar código de su elección a través de una entrada a base de datos CDDB que contiene un título de álbum largo. • http://secunia.com/advisories/28955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2008-0630
https://notcve.org/view.php?id=CVE-2008-0630
06 Feb 2008 — Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. Desbordamiento de búfer en url.c de MPlayer 1.0rc2 y SVN antes de r25823. Permite a atacantes remotos ejecutar código de su elección a través de de una URL manipulada que previene que el código de análisis sintáctico IPv6 coloque un puntero a NULL, lo ... • http://secunia.com/advisories/28955 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 17%CPEs: 1EXPL: 2CVE-2008-0485 – MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-0485
05 Feb 2008 — Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. Error en el índice de array en libmpdemux/demux_mov.c de MPlayer 1.0 rc2 y versiones anteriores. Podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo MOV de QuickTime modificado con una etiqueta stsc atom. • https://www.exploit-db.com/exploits/31076 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 4%CPEs: 2EXPL: 1CVE-2008-0486
https://notcve.org/view.php?id=CVE-2008-0486
05 Feb 2008 — Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Vulnerabilidad de índice de array en libmpdemux/demux_audio.c de MPlayer 1.0rc2 y SVN antes de r25917, y posiblemente versiones anteriores, como se utilizó en Xine-lib 1.1.10. Podría permitir a atacantes remotos ejecutar código de su elección a ... • http://bugs.gentoo.org/show_bug.cgi?id=209106 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 9%CPEs: 21EXPL: 3CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
18 Sep 2007 — Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar códi... • https://www.exploit-db.com/exploits/30578 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0CVE-2007-2948
https://notcve.org/view.php?id=CVE-2007-2948
07 Jun 2007 — Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. Múltiples desbordamientos de búfer basados en pila en el stream/stream_cddb.c del MPlayer en versiones anteriores a la 1.0rc1try3 permite a atacantes remotos ejecutar código de su elección a través de una entrada CDDB con un (1) título de álbum largo o (2) una categoría larga. • http://lists.mplayerhq.hu/pipermail/mplayer-announce/2007-June/000066.html •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2007-1387
https://notcve.org/view.php?id=CVE-2007-1387
13 Mar 2007 — The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. El cargador DirectShow (loader/dshow/DS_VideoDecoder.c) en MPlayer 1.0rc1 y anteriores, como el usado en xine-lib, no establece el biSize antes de usarse en memcpy, lo cual permite a atacantes remotos co... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072 •
CVSS: 8.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-1246
https://notcve.org/view.php?id=CVE-2007-1246
03 Mar 2007 — The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. La función DMO_VideoDecoder_Open en el archivo loader/dmo/DMO_VideoDecoder.c en MPlayer versión 1.0rc1 y anteriores, tal como es usado en xine-lib, no establece el biSize antes de usarlo en ... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2006-6172
https://notcve.org/view.php?id=CVE-2006-6172
30 Nov 2006 — Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Desbordamiento de búfer en la función asmrp_eval para el extensión de entrada a Real Media permite a atacantes remotos provocar una denegación de servicio y la posibilida... • http://secunia.com/advisories/23218 •
CVSS: 7.1EPSS: 6%CPEs: 1EXPL: 0CVE-2006-1502
https://notcve.org/view.php?id=CVE-2006-1502
30 Mar 2006 — Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html •