5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.027 Low
EPSS
Percentile
90.6%
Secunia reports:
The vulnerabilities are caused due to integer overflow errors
in “libmpdemux/asfheader.c” within the handling of an ASF file,
and in “libmpdemux/aviheader.c” when parsing the “indx” chunk in
an AVI file. This can be exploited to cause heap-based buffer
overflows via a malicious ASF file, or via a AVI file with
specially-crafted “wLongsPerEntry” and “nEntriesInUse” values in
the “indx” chunk.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mplayer | < 0.99.7_12 | UNKNOWN |
FreeBSD | any | noarch | mplayer-esound | < 0.99.7_12 | UNKNOWN |
FreeBSD | any | noarch | mplayer-gtk | < 0.99.7_12 | UNKNOWN |
FreeBSD | any | noarch | mplayer-gtk2 | < 0.99.7_12 | UNKNOWN |
FreeBSD | any | noarch | mplayer-gtk-esound | < 0.99.7_12 | UNKNOWN |
FreeBSD | any | noarch | mplayer-gtk2-esound | < 0.99.7_12 | UNKNOWN |