ID CVE-2007-1387
Summary The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.
References
Vulnerable Configurations
  • cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 03-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: MULTIPLE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:M/C:C/I:C/A:C
refmap via4
bid 22933
confirm http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072
debian DSA-1536
gentoo GLSA-200705-21
mandriva
  • MDKSA-2007:061
  • MDKSA-2007:062
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072;msg=12;filename=DS_VideoDecoder.c---SVN--22205.patch;att=1
secunia
  • 24443
  • 24444
  • 24462
  • 25462
  • 29601
ubuntu USN-435-1
Last major update 03-10-2018 - 21:46
Published 13-03-2007 - 19:19
Last modified 03-10-2018 - 21:46