CVE-2022-38851

MEDIUM

The MPlayer Project <13.0.1 - Memory Corruption

Title source: llm
STIX 2.1

Description

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://trac.mplayerhq.hu/ticket/2393
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html

Scores

CVSS v3 5.5
EPSS 0.0006
EPSS Percentile 18.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (3)
debian/debian_linux 10.0
mplayerhq/mencoder svn-r38374-13.0.1
mplayerhq/mplayer svn-r38374-13.0.1
Published Sep 15, 2022
Tracked Since Feb 18, 2026