Vulnerabilities > Mplayer > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-17 | CVE-2008-5616 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mplayer Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. | 10.0 |
| 2008-11-01 | CVE-2008-4869 | Resource Management Errors vulnerability in Ffmpeg FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." | 10.0 |
| 2008-11-01 | CVE-2008-4868 | Remote Security vulnerability in FFmpeg Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." | 10.0 |
| 2008-11-01 | CVE-2008-4867 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. | 10.0 |
| 2008-11-01 | CVE-2008-4866 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY. | 10.0 |
| 2008-09-29 | CVE-2008-3827 | Numeric Errors vulnerability in Mplayer Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. | 9.3 |
| 2008-03-31 | CVE-2008-1558 | Numeric Errors vulnerability in Mplayer 1.0Rc2 Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. | 10.0 |
| 2008-02-05 | CVE-2008-0485 | Numeric Errors vulnerability in Mplayer Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. | 9.3 |
| 2007-06-07 | CVE-2007-2948 | CDDB Parsing Buffer Overflow vulnerability in Mplayer 1.0Rc1 Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. | 9.3 |
| 2005-01-10 | CVE-2004-1311 | Denial-Of-Service vulnerability in Mplayer 1.0Pre5 Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow. | 10.0 |