CVE-2008-5616

MPlayer < 1.0_rc1 - Stack-based Buffer Overflow via Malformed TwinVQ File

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32822
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499214/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34845
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1782
Various Sources x_refsource_misc
http://trapkit.de/advisories/TKADV2008-014.txt
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33136

Scores

EPSS 0.0769
EPSS Percentile 93.9%

Details

CWE
CWE-119
Status published
Products (20)
mplayer/mplayer 0.90
mplayer/mplayer 0.90_pre
mplayer/mplayer 0.90_rc
mplayer/mplayer 0.90_rc4
mplayer/mplayer 0.91
mplayer/mplayer 0.92
mplayer/mplayer 0.92.1
mplayer/mplayer 0.92_cvs
mplayer/mplayer 1.0_pre1
mplayer/mplayer 1.0_pre2
... and 10 more
Published Dec 17, 2008
Tracked Since Feb 18, 2026