CVSS: 8.8EPSS: 5%CPEs: 109EXPL: 0CVE-2010-3429 – Gentoo Linux Security Advisory 201310-13
https://notcve.org/view.php?id=CVE-2010-3429
30 Sep 2010 — flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." flicvideo.c en libavcodec 0.6 y versiones anteriores en FFmpeg, tal como es usado en MPlayer y otros productos, permite a atacantes remotos ejecutar código de su elección mediante un fichero flic manipulado, relacionado con una "arbitrary offset dereference vulnerability." Multiple vu... • http://git.ffmpeg.org/?p=ffmpeg%3Ba=commit%3Bh=16c592155f117ccd7b86006c45aacc692a81c23b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 30%CPEs: 20EXPL: 0CVE-2008-5616
https://notcve.org/view.php?id=CVE-2008-5616
17 Dec 2008 — Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. Desbordamiento de búfer basado en pila en la función demux_open_vqf en libmpdemux/demux_vqf.c en MPlayer v1.0 rc2 anterior a r28150 que permite a atacantes remotos ejecutar código a su elección a través de un fichero malformado TwinVQ. • http://secunia.com/advisories/33136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2007-6718 – Gentoo Linux Security Advisory 201310-13
https://notcve.org/view.php?id=CVE-2007-6718
20 Oct 2008 — MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7)... • http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities •
CVSS: 6.5EPSS: 3%CPEs: 20EXPL: 2CVE-2008-4610 – MPlayer - '.AAC' File Handling Denial of Service
https://notcve.org/view.php?id=CVE-2008-4610
20 Oct 2008 — MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. MPlayer permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) mediante (1) un archivo mal formado, como lo demuestra lol-vlc.aac; o (2) un archivo malformado Ogg Media (OGM), como lo demuestra lol-ffplay.ogm, vectores di... • https://www.exploit-db.com/exploits/32856 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 21EXPL: 0CVE-2008-3827
https://notcve.org/view.php?id=CVE-2008-3827
29 Sep 2008 — Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. Mútiples desbordamientos de entero en MPlayer v1.0_rc2 y anteriores permite a atacantes remotos provocar una denegación de servicio (finalización de proceso) y posiblemente ejecutar código de su elección mediant... • http://secunia.com/advisories/32045 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 17%CPEs: 1EXPL: 2CVE-2008-0485 – MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-0485
05 Feb 2008 — Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. Error en el índice de array en libmpdemux/demux_mov.c de MPlayer 1.0 rc2 y versiones anteriores. Podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo MOV de QuickTime modificado con una etiqueta stsc atom. • https://www.exploit-db.com/exploits/31076 • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 0CVE-2007-1387
https://notcve.org/view.php?id=CVE-2007-1387
13 Mar 2007 — The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. El cargador DirectShow (loader/dshow/DS_VideoDecoder.c) en MPlayer 1.0rc1 y anteriores, como el usado en xine-lib, no establece el biSize antes de usarse en memcpy, lo cual permite a atacantes remotos co... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072 •
CVSS: 8.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-1246
https://notcve.org/view.php?id=CVE-2007-1246
03 Mar 2007 — The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. La función DMO_VideoDecoder_Open en el archivo loader/dmo/DMO_VideoDecoder.c en MPlayer versión 1.0rc1 y anteriores, tal como es usado en xine-lib, no establece el biSize antes de usarlo en ... • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2006-6172
https://notcve.org/view.php?id=CVE-2006-6172
30 Nov 2006 — Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Desbordamiento de búfer en la función asmrp_eval para el extensión de entrada a Real Media permite a atacantes remotos provocar una denegación de servicio y la posibilida... • http://secunia.com/advisories/23218 •
CVSS: 7.1EPSS: 6%CPEs: 1EXPL: 0CVE-2006-1502
https://notcve.org/view.php?id=CVE-2006-1502
30 Mar 2006 — Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html •