Vulnerabilities > CVE-2022-32317 - Use After Free vulnerability in Mplayerhq Mplayer 1.5

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

mplayerhq

CWE-416

NVD

Published: 2022-07-14

Updated: 2024-08-03

Summary

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable.

Vulnerable Configurations

Part	Description	Count
Application	Mplayerhq Mplayerhq Mplayer 1.5	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://transfer.sh/m2WcuM/poc_dup.zip
https://bugs.gentoo.org/show_bug.cgi?id=858107
https://github.com/b17fr13nds/MPlayer_cve_poc