Vulnerabilities > CVE-2007-6718 - Denial-Of-Service vulnerability in MPlayer

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

mplayer

nessus

NVD

Published: 2008-10-20

Updated: 2008-10-20

Summary

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.

Vulnerable Configurations

Part	Description	Count
Application	Mplayer Mplayer Mplayer 0.90 Mplayer Mplayer 0.90_Pre Mplayer Mplayer 0.90_Rc Mplayer Mplayer 0.90_Rc4 Mplayer Mplayer 0.91 Mplayer Mplayer 0.92 Mplayer Mplayer 0.92.1 Mplayer Mplayer 0.92_Cvs Mplayer Mplayer 1.0_Pre1 Mplayer Mplayer 1.0_Pre2 Mplayer Mplayer 1.0_Pre3 Mplayer Mplayer 1.0_Pre3Try2 Mplayer Mplayer 1.0_Pre4 Mplayer Mplayer 1.0_Pre5 Mplayer Mplayer 1.0_Pre5Try1 Mplayer Mplayer 1.0_Pre5Try2 Mplayer Mplayer 1.0_Pre6 Mplayer Mplayer 1.0_Pre7 Mplayer Mplayer 1.0_Pre7Try2 Mplayer Mplayer *	20

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-335.NASL
description	A vulnerability was discovered and corrected in ffmpeg : MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718 (CVE-2008-4610). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to this vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	43362
published	2009-12-21
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43362
title	Mandriva Linux Security Advisory : ffmpeg (MDVSA-2009:335)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201310-13.NASL
description	The remote host is affected by the vulnerability described in GLSA-201310-13 (MPlayer: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MPlayer and the bundled FFmpeg. Please review the CVE identifiers and FFmpeg GLSA referenced below for details. Impact : A remote attacker could entice a user to open a crafted media file to execute arbitrary code or cause a Denial of Service. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	70648
published	2013-10-27
reporter	This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/70648
title	GLSA-201310-13 : MPlayer: Multiple vulnerabilities

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2007-192.NASL
description	A heap-based buffer overflow was found in MPlayer
last seen	2020-06-01
modified	2020-06-02
plugin id	26902
published	2007-10-03
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/26902
title	Mandrake Linux Security Advisory : mplayer (MDKSA-2007:192)

Summary

Vulnerable Configurations

Nessus

References