ID CVE-2008-0486
Summary Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.02rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:xine:xine-lib:1.1.10:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 22:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 27441
bugtraq 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
confirm
debian
  • DSA-1496
  • DSA-1536
fedora
  • FEDORA-2008-1543
  • FEDORA-2008-1581
fulldisc 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
gentoo
  • GLSA-200802-12
  • GLSA-200803-16
mandriva
  • MDVSA-2008:045
  • MDVSA-2008:046
misc http://www.coresecurity.com/?action=item&id=2103
secunia
  • 28779
  • 28801
  • 28918
  • 28955
  • 28956
  • 28989
  • 29141
  • 29307
  • 29323
  • 29601
  • 31393
sreason 3608
suse SUSE-SR:2008:006
ubuntu USN-635-1
vupen
  • ADV-2008-0406
  • ADV-2008-0421
Last major update 15-10-2018 - 22:00
Published 05-02-2008 - 12:00
Last modified 15-10-2018 - 22:00
Back to Top