ID CVE-2007-6718
Summary MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
References
Vulnerable Configurations
  • cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
  • cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
    cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-10-2008 - 17:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
misc http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
mlist [oss-security] 20081007 CVE request: crashers / potential security risks in mplayer
Last major update 20-10-2008 - 17:59
Published 20-10-2008 - 17:59
Last modified 20-10-2008 - 17:59
Back to Top