CVE-2008-5616

Summary

CVE	CVE-2008-5616
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-12-17 01:30:00 UTC
Updated	2018-10-11 20:56:00 UTC
Description	Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

Risk And Classification

Problem Types: CWE-119

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Mplayer	Mplayer	0.90	All	All	All
Application	Mplayer	Mplayer	0.90_pre	All	All	All
Application	Mplayer	Mplayer	0.90_rc	All	All	All
Application	Mplayer	Mplayer	0.90_rc4	All	All	All
Application	Mplayer	Mplayer	0.91	All	All	All
Application	Mplayer	Mplayer	0.92	All	All	All
Application	Mplayer	Mplayer	0.92.1	All	All	All
Application	Mplayer	Mplayer	0.92_cvs	All	All	All
Application	Mplayer	Mplayer	1.0_pre1	All	All	All
Application	Mplayer	Mplayer	1.0_pre2	All	All	All
Application	Mplayer	Mplayer	1.0_pre3	All	All	All
Application	Mplayer	Mplayer	1.0_pre3try2	All	All	All
Application	Mplayer	Mplayer	1.0_pre4	All	All	All
Application	Mplayer	Mplayer	1.0_pre5	All	All	All
Application	Mplayer	Mplayer	1.0_pre5try1	All	All	All
Application	Mplayer	Mplayer	1.0_pre5try2	All	All	All
Application	Mplayer	Mplayer	1.0_pre6	All	All	All
Application	Mplayer	Mplayer	1.0_pre7	All	All	All
Application	Mplayer	Mplayer	1.0_pre7try2	All	All	All
Application	Mplayer	Mplayer	0.90	All	All	All
Application	Mplayer	Mplayer	0.90_pre	All	All	All
Application	Mplayer	Mplayer	0.90_rc	All	All	All
Application	Mplayer	Mplayer	0.90_rc4	All	All	All
Application	Mplayer	Mplayer	0.91	All	All	All
Application	Mplayer	Mplayer	0.92	All	All	All
Application	Mplayer	Mplayer	0.92.1	All	All	All
Application	Mplayer	Mplayer	0.92_cvs	All	All	All
Application	Mplayer	Mplayer	1.0_pre1	All	All	All
Application	Mplayer	Mplayer	1.0_pre2	All	All	All
Application	Mplayer	Mplayer	1.0_pre3	All	All	All
Application	Mplayer	Mplayer	1.0_pre3try2	All	All	All
Application	Mplayer	Mplayer	1.0_pre4	All	All	All
Application	Mplayer	Mplayer	1.0_pre5	All	All	All
Application	Mplayer	Mplayer	1.0_pre5try1	All	All	All
Application	Mplayer	Mplayer	1.0_pre5try2	All	All	All
Application	Mplayer	Mplayer	1.0_pre6	All	All	All
Application	Mplayer	Mplayer	1.0_pre7	All	All	All
Application	Mplayer	Mplayer	1.0_pre7try2	All	All	All
Application	Mplayer	Mplayer	All	All	All	All

References

Reference	Source	Link	Tags
Debian -- Security Information -- DSA-1782-1 mplayer	DEBIAN	www.debian.org
MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability	BID	www.securityfocus.com
404 Not Found	CONFIRM	svn.mplayerhq.hu
Debian update for mplayer - Secunia Advisories - Vulnerability Information - Secunia.com	SECUNIA	secunia.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
404 Not Found	CONFIRM	svn.mplayerhq.hu
Support / Security / Advisories / / MDVSA-2009:013 \| Mandriva	MANDRIVA	www.mandriva.com
MPlayer TwinVQ Processing Buffer Overflow Vulnerability - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
trapkit.de/advisories/TKADV2008-014.txt	MISC	trapkit.de
Advisories \| Mandriva	MANDRIVA	www.mandriva.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.