CVE-2008-3827

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
mplayermplayer
𝑥
≤ 1.0_rc2
mplayermplayer
0.90
mplayermplayer
0.90_pre:_pre
mplayermplayer
0.90_rc:_rc
mplayermplayer
0.90_rc4:_rc4
mplayermplayer
0.91
mplayermplayer
0.92
mplayermplayer
0.92.1
mplayermplayer
0.92_cvs:_cvs
mplayermplayer
1.0_pre1:_pre1
mplayermplayer
1.0_pre2:_pre2
mplayermplayer
1.0_pre3:_pre3
mplayermplayer
1.0_pre3try2:_pre3try2
mplayermplayer
1.0_pre4:_pre4
mplayermplayer
1.0_pre5:_pre5
mplayermplayer
1.0_pre5try1:_pre5try1
mplayermplayer
1.0_pre5try2:_pre5try2
mplayermplayer
1.0_pre6:_pre6
mplayermplayer
1.0_pre7:_pre7
mplayermplayer
1.0_pre7try2:_pre7try2
mplayermplayer
1.0_rc1:_rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mplayer
bullseye
2:1.4+ds1-1+deb11u1
fixed
bookworm
2:1.5+svn38408-1
fixed
sid
2:1.5+svn38542-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mplayer
intrepid
not-affected
hardy
Fixed 2:1.0~rc2-0ubuntu13.1
released
gutsy
Fixed 2:1.0~rc1-0ubuntu13.3
released
feisty
ignored
dapper
Fixed 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.3
released
Common Weakness Enumeration
References
http://secunia.com/advisories/32045
http://secunia.com/advisories/32153
http://securityreason.com/securityalert/4326
http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675
http://www.debian.org/security/2008/dsa-1644
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
http://www.ocert.org/advisories/ocert-2008-013.html
http://www.securityfocus.com/archive/1/496806/100/0/threaded
http://www.securityfocus.com/bid/31473
http://www.securitytracker.com/id?1020952
http://www.vupen.com/english/advisories/2008/2703
http://secunia.com/advisories/32045
http://secunia.com/advisories/32153
http://securityreason.com/securityalert/4326
http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675
http://www.debian.org/security/2008/dsa-1644
http://www.mandriva.com/security/advisories?name=MDVSA-2008:219
http://www.ocert.org/advisories/ocert-2008-013.html
http://www.securityfocus.com/archive/1/496806/100/0/threaded
http://www.securityfocus.com/bid/31473
http://www.securitytracker.com/id?1020952
http://www.vupen.com/english/advisories/2008/2703