Vulnerability Details : CVE-2008-5616

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

Vulnerability category: OverflowExecute code

Published 2008-12-17 01:30:01

Updated 2018-10-11 20:56:14

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-5616

Probability of exploitation activity in the next 30 days: 17.94%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-5616

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-5616

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: [email protected] (Primary)

References for CVE-2008-5616

Products affected by CVE-2008-5616

Mplayer » Mplayer
Versions up to, including, (<=) 1.0_rc1
cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre1
cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90 Rc4
cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.91
cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90
cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90 Pre
cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.90 Rc
cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre2
cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre3
cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre3try2
cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.92 Cvs
cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.92
cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 0.92.1
cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre4
cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre5try1
cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre5try2
cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre5
cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre6
cpe:2.3:a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre7
cpe:2.3:a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
Matching versions
Mplayer » Mplayer » Version: 1.0 Pre7try2
cpe:2.3:a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
Matching versions