CVE-2007-4938

Name of the Vulnerable Software and Affected Versions MPlayer versions 1.0rc1 and earlier

Description The issue is related to a heap-based buffer overflow that can be triggered by a specially crafted .avi file. This file would contain certain large "indx truck size" and nEntriesInuse values, along with a specific wLongsPerEntry value. The overflow could allow remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code.

Recommendations For MPlayer versions 1.0rc1 and earlier, consider avoiding the use of .avi files from untrusted sources until a patch is available. As a temporary workaround, restrict the playback of .avi files to minimize the risk of exploitation.