9 matches found
DEBIAN-CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
UBUNTU-CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
SUSE CVE-2021-30145
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...
DEBIAN-CVE-2021-30145
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...
UBUNTU-CVE-2021-30145
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...
GLSA-201805-05 : mpv: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201805-05 mpv: Remote code execution A vulnerability was discovered in mpv with the handling of HTML documents containing VIDEO elements. Additionally, mpv accepts arbitrary URLs in a src attribute without a protocol whitelist in...
[SECURITY] [DSA 4105-1] mpv security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4105-1 [email protected] https://www.debian.org/security/ February 06, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
MPV Arbitrary Code Execution Vulnerability
MPV is a free, cross-platform open source media player. A security vulnerability exists in MPV 0.28.0 and earlier versions. A remote attacker can exploit the vulnerability to execute arbitrary code with the help of a specially crafted website...
UBUNTU-CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...