CVE-2007-1387

Published: 13/03/2007 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.2
VMScore: 605
Vector: AV:N/AC:H/Au:M/C:C/I:C/A:C

Vulnerability Summary

The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code. This is a different vulnerability than CVE-2007-1246.

Vulnerable Product

mplayer mplayer

Vendor Advisories

Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user’s privileges ...
Several local vulnerabilities have been discovered in Xine, a media player library, which allowed for a denial of service or arbitrary code execution and could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1246 / CVE-2007-1387: The DMO_VideoDecoder_Open ...