CVE-2008-5616
MPlayer < 1.0_rc1 - Stack-based Buffer Overflow via Malformed TwinVQ File
Title source: llmDescription
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
References (10)
Core 10
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32822
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/499214/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34845
Various Sources x_refsource_confirm
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1782
Various Sources x_refsource_misc
http://trapkit.de/advisories/TKADV2008-014.txt
Various Sources x_refsource_confirm
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33136
Scores
EPSS
0.0769
EPSS Percentile
93.9%
Details
CWE
CWE-119
Status
published
Products (20)
mplayer/mplayer
0.90
mplayer/mplayer
0.90_pre
mplayer/mplayer
0.90_rc
mplayer/mplayer
0.90_rc4
mplayer/mplayer
0.91
mplayer/mplayer
0.92
mplayer/mplayer
0.92.1
mplayer/mplayer
0.92_cvs
mplayer/mplayer
1.0_pre1
mplayer/mplayer
1.0_pre2
... and 10 more
Published
Dec 17, 2008
Tracked Since
Feb 18, 2026