135 matches found
Code injection
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
mpv 竞争条件问题漏洞
mpv is a command line video player from mpv open source. A security vulnerability exists in mpv version v.0.29.1, which can be exploited by an attacker to execute arbitrary code and crash the program via the aoc parameter...
CVE-2020-19824
MPV is affected by CVE-2020-19824: in MPV v0.29.1, a use-after-free flaw in the ao_c path allows an attacker to execute arbitrary code or crash the program. The issue is fixed in v0.30. Practical impact described in sources is high (local access, user interaction required) with significant confid...
CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
SUSE CVE-2018-6360
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...
SUSE CVE-2021-30145
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...
mpv-suv.co.uk Cross Site Scripting vulnerability OBB-2752349
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mail.mpv-patent.com Cross Site Scripting vulnerability OBB-2485929
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Mageia: Security Advisory (MGASA-2021-0235)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GLSA-202107-46 : mpv: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-202107-46 mpv: Format string vulnerability mpv uses untrusted input within format strings. Impact : A remote attacker could entice a user to open a specially crafted m3u playlist file using mpv, possibly resulting in execution of...
OS Command Injection in node-mpv
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
GHSA-CQR2-XHG6-P268 OS Command Injection in node-mpv
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
mpv-staufenberg.de Cross Site Scripting vulnerability OBB-2312993
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mpv: Format string vulnerability
Background Video player based on MPlayer/mplayer2. Description mpv uses untrusted input within format strings. Impact A remote attacker could entice a user to open a specially crafted m3u playlist file using mpv, possibly resulting in execution of arbitrary code with the privileges of the process...
Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...
MGASA-2021-0235 Updated mpv packages fix a security vulnerability
Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file CVE-2021-30145...
OPENSUSE-SU-2021:0798-1 Security update for mpv
This update for mpv fixes the following issues: - CVE-2021-30145: Fixed format string vulnerability allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file boo1186230 This update was imported from the openSUSE:Leap:15.2:Update update project...
Security update for mpv (important)
openSUSE Security Update: Security update for mpv Announcement ID: openSUSE-SU-2021:0798-1 Rating: important References: 1186230 Cross-References: CVE-2021-30145 CVSS scores: CVE-2021-30145 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...