CVE-2008-5616

2008-12-1701:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-5616

buffer overflow

mplayer

security vulnerability

twinvq file

nvd

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.179 Low

EPSS

Percentile

96.2%

JSON

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

CPENameOperatorVersion
mplayer:mplayermplayereq0.92
mplayer:mplayermplayerle1.0_rc1
mplayer:mplayermplayereq1.0_pre2
mplayer:mplayermplayereq0.90
mplayer:mplayermplayereq1.0_pre1
mplayer:mplayermplayereq0.90_rc
mplayer:mplayermplayereq1.0_pre5try2
mplayer:mplayermplayereq0.92.1
mplayer:mplayermplayereq1.0_pre3
mplayer:mplayermplayereq1.0_pre7try2

CPE	Name	Operator	Version
mplayer:mplayer	mplayer	eq	0.92
mplayer:mplayer	mplayer	le	1.0_rc1
mplayer:mplayer	mplayer	eq	1.0_pre2
mplayer:mplayer	mplayer	eq	0.90
mplayer:mplayer	mplayer	eq	1.0_pre1
mplayer:mplayer	mplayer	eq	0.90_rc
mplayer:mplayer	mplayer	eq	1.0_pre5try2
mplayer:mplayer	mplayer	eq	0.92.1
mplayer:mplayer	mplayer	eq	1.0_pre3
mplayer:mplayer	mplayer	eq	1.0_pre7try2