CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38864
https://notcve.org/view.php?id=CVE-2022-38864
Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por la función mp_unescape03() del archivo libmpdemux/mpeg_hdr.c. Esto afecta a mencoder SVN-r38374-13.0.1 y mplayer SVN-r38374-13.0.1 • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html https://trac.mplayerhq.hu/ticket/2406 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-38865
https://notcve.org/view.php?id=CVE-2022-38865
Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables a la división por cero por medio de la función demux_avi_read_packet del archivo libmpdemux/demux_avi.c. Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html https://trac.mplayerhq.hu/ticket/2401 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38866
https://notcve.org/view.php?id=CVE-2022-38866
Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Determinados productos de The MPlayer Project son vulnerables al desbordamiento del búfer por medio de la función read_avi_header() del archivo libmpdemux/aviheader.c . Esto afecta a mplayer versión SVN-r38374-13.0.1 y mencoder versión SVN-r38374-13.0.1 • https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html https://trac.mplayerhq.hu/ticket/2403#comment:2 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 4%CPEs: 78EXPL: 0CVE-2004-1187
https://notcve.org/view.php?id=CVE-2004-1187
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 •
CVSS: 10.0EPSS: 0%CPEs: 78EXPL: 0CVE-2004-1188
https://notcve.org/view.php?id=CVE-2004-1188
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 •