CVE-2008-0486

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
mplayermplayer
1.02rc2
xinexine-lib
1.1.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mplayer
bullseye
2:1.4+ds1-1+deb11u1
fixed
sarge
not-affected
bookworm
2:1.5+svn38408-1
fixed
sid
2:1.5+svn38542-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mplayer
hardy
Fixed 2:1.0~rc2-0ubuntu9
released
gutsy
Fixed 2:1.0~rc1-0ubuntu13.2
released
feisty
Fixed 2:1.0~rc1-0ubuntu9.3
released
edgy
Fixed 2:0.99+1.0pre8-0ubuntu8.2
released
dapper
not-affected
xine-lib
hardy
not-affected
gutsy
Fixed 1.1.7-1ubuntu1.3
released
feisty
Fixed 1.1.4-2ubuntu3.1
released
edgy
ignored
dapper
not-affected
Common Weakness Enumeration
References