CVE-2007-2948 - Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow rem

CVE-2007-2948

Summary

Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.

References

Vulnerable Configurations

cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	24339
confirm	http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=23287&r2=23470&diff_format=u http://www.mplayerhq.hu/design7/news.html
debian	DSA-1313
gentoo	GLSA-200707-07
mandriva	MDKSA-2007:143
misc	http://secunia.com/secunia_research/2007-55/
mlist	[MPlayer-announce] 20070605 MPlayer 1.0rc1try3 released
osvdb	36991
secunia	24302 25713 25940 26083 26207
suse	SUSE-SR:2007:014
vupen	ADV-2007-2080
xf	mplayer-cddb-bo(34749)

Last major update

29-07-2017 - 01:31

Published

07-06-2007 - 21:30

Last modified

29-07-2017 - 01:31