7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.057 Low
EPSS
Percentile
93.4%
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and
SVN before r25917, and possibly earlier versions, as used in Xine-lib
1.1.10, might allow remote attackers to execute arbitrary code via a
crafted FLAC tag, which triggers a buffer overflow.
Author | Note |
---|---|
jdstrand | according to http://xinehq.de/index.php/security, 1.1.1 and older are not affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.10 | noarch | mplayer | <Β 2:0.99+1.0pre8-0ubuntu8.2 | UNKNOWN |
ubuntu | 7.04 | noarch | mplayer | <Β 2:1.0~rc1-0ubuntu9.3 | UNKNOWN |
ubuntu | 7.10 | noarch | mplayer | <Β 2:1.0~rc1-0ubuntu13.2 | UNKNOWN |
ubuntu | 8.04 | noarch | mplayer | <Β 2:1.0~rc2-0ubuntu9 | UNKNOWN |
ubuntu | 7.04 | noarch | xine-lib | <Β 1.1.4-2ubuntu3.1 | UNKNOWN |
ubuntu | 7.10 | noarch | xine-lib | <Β 1.1.7-1ubuntu1.3 | UNKNOWN |