PT-2008-6671 · Mplayer Team · Mplayer

Tobias Klein

Published

2008-12-17

Updated

2018-10-11

CVE-2008-5616

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MPlayer version 1.0 rc2 before r28150

Description The issue is a stack-based buffer overflow in the demux open vqf function, located in libmpdemux/demux vqf.c. This allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

Recommendations For MPlayer version 1.0 rc2 before r28150, update to a version after r28150 to resolve the issue. As a temporary workaround, consider avoiding the use of the demux open vqf function until a patch is available. Restrict access to malformed TwinVQ files to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-5616

DSA-1782-1

DTSA-181-1

Affected Products

Mplayer

PT-2008-6671 · Mplayer Team · Mplayer

CVE-2008-5616

Weakness Enumeration

Related Identifiers

Affected Products

References · 14