CVE-2022-38853 : Certain The MPlayer Project products are vulnerable to Buffer Overflow via funct

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.

Published 2022-09-15 15:15:10

Updated 2022-09-20 15:04:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2022-38853

Mplayerhq » Mplayer » Version: Svn-r38374-13.0.1
cpe:2.3:a:mplayerhq:mplayer:svn-r38374-13.0.1:*:*:*:*:*:*:*
Matching versions
Mplayerhq » Mencoder » Version: Svn-r38374-13.0.1
cpe:2.3:a:mplayerhq:mencoder:svn-r38374-13.0.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-38853

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-38853

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-38853

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-38853

https://trac.mplayerhq.hu/ticket/2398

#2398 (A heap-buffer-overflow occurred in function asf_init_audio_stream() of libmpdemux/asfheader.c) – MPlayer
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-38853

Products affected by CVE-2022-38853

Exploit prediction scoring system (EPSS) score for CVE-2022-38853

CVSS scores for CVE-2022-38853

CWE ids for CVE-2022-38853

References for CVE-2022-38853