CVSS: 9.3EPSS: 5%CPEs: 21EXPL: 0CVE-2008-3827
https://notcve.org/view.php?id=CVE-2008-3827
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. Mútiples desbordamientos de entero en MPlayer v1.0_rc2 y anteriores permite a atacantes remotos provocar una denegación de servicio (finalización de proceso) y posiblemente ejecutar código de su elección mediante un fichero de vídeo manipulado que provoca que la función stream_read lea o escriba en una zona de memoria de su elección. • http://secunia.com/advisories/32045 http://secunia.com/advisories/32153 http://securityreason.com/securityalert/4326 http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675 http://www.debian.org/security/2008/dsa-1644 http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 http://www.ocert.org/advisories/ocert-2008-013.html http://www.securityfocus.com/archive/1/496806/100/0/threaded http://www.securityfocus.com/bid/31473 http://www.securitytr • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 30%CPEs: 1EXPL: 1CVE-2008-1558 – MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1558
Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow. Índice de array sin controlar en la función sdpplin_parse de stream/realrtsp/sdpplin.c en MPlayer 1.0 rc2 permite a atacantes remotos sobrescribir memoria y ejecutar código de su elección a través de un parámetro streamid SDP grande. NOTA: este problema ha sido referenciado como un desbordamiento de entero. • https://www.exploit-db.com/exploits/5307 http://secunia.com/advisories/29515 http://secunia.com/advisories/29921 http://secunia.com/advisories/30412 http://security.gentoo.org/glsa/glsa-200805-22.xml http://www.debian.org/security/2008/dsa-1552 http://www.mandriva.com/security/advisories?name=MDVSA-2008:196 http://www.securityfocus.com/bid/28851 http://www.vupen.com/english/advisories/2008/0997/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41490 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 20%CPEs: 1EXPL: 2CVE-2008-0485 – MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-0485
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. Error en el índice de array en libmpdemux/demux_mov.c de MPlayer 1.0 rc2 y versiones anteriores. Podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo MOV de QuickTime modificado con una etiqueta stsc atom. • https://www.exploit-db.com/exploits/31076 http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html http://secunia.com/advisories/28779 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/29307 http://security.gentoo.org/glsa/glsa-200803-16.xml http://securityreason.com/securityalert/3607 http://www.coresecurity.com/?action=item&id=2102 http://www.debian.org/security/2008/dsa-1496 http://www.mandriva.com • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 12%CPEs: 1EXPL: 0CVE-2007-1387
https://notcve.org/view.php?id=CVE-2007-1387
The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. El cargador DirectShow (loader/dshow/DS_VideoDecoder.c) en MPlayer 1.0rc1 y anteriores, como el usado en xine-lib, no establece el biSize antes de usarse en memcpy, lo cual permite a atacantes remotos con la complicidad del usuario provocar un desbordamiento de búfer y posiblemente ejecutar código de su elección, una vulnerabilidad diferente que CVE-2007-1246. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072%3Bmsg=12%3Bfilename=DS_VideoDecoder.c---SVN--22205.patch%3Batt=1 http://secunia.com/advisories/24443 http://secunia.com/advisories/24444 http://secunia.com/advisories/24462 http://secunia.com/advisories/25462 http://secunia.com/advisories/29601 http://security.gentoo.org/glsa/glsa-200705-21.xml http://www.debian.org/security/2008/dsa-1536 http://www.mandr •
CVSS: 7.6EPSS: 33%CPEs: 1EXPL: 0CVE-2007-1246
https://notcve.org/view.php?id=CVE-2007-1246
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. La función DMO_VideoDecoder_Open en el archivo loader/dmo/DMO_VideoDecoder.c en MPlayer versión 1.0rc1 y anteriores, tal como es usado en xine-lib, no establece el biSize antes de usarlo en un memcpy, lo que permite que atacantes remotos asistidos por el usuario causen un desbordamiento del búfer y posiblemente ejecuten código arbitrario, una vulnerabilidad diferente al CVE-2007-1387. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html http://secunia.com/advisories/24443 http://secunia.com/advisories/24444 http://secunia.com/advisories/24446 http://secunia.com/advisories/24448 http://secunia.com/advisories/24462 http://secunia.com/advisories/24866 http://secunia.com/advisories/24897 http://secunia.com/advisories/24995 http://secunia.com/advisories/25462 http://secunia.com/advisories/29601 http://security.gentoo.org/glsa/glsa-200704- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •