Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2008-3827

Published: 29/09/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mplayer

Vulnerability Summary

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and previous versions allow remote malicious users to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

Vulnerable Product Search on Vulmon Subscribe to Product

mplayer mplayer 1.0_rc1

mplayer mplayer 1.0_pre2

mplayer mplayer 1.0_pre6

mplayer mplayer 1.0_pre7

mplayer mplayer 0.90_rc4

mplayer mplayer 0.90_rc

mplayer mplayer 1.0_pre4

mplayer mplayer 1.0_pre5

mplayer mplayer 1.0_pre1

mplayer mplayer 0.92_cvs

mplayer mplayer

mplayer mplayer 1.0_pre5try1

mplayer mplayer 1.0_pre5try2

mplayer mplayer 0.92

mplayer mplayer 0.91

mplayer mplayer 1.0_pre3

mplayer mplayer 1.0_pre3try2

mplayer mplayer 1.0_pre7try2

mplayer mplayer 0.92.1

mplayer mplayer 0.90_pre

mplayer mplayer 0.90

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2008-3827: integer overflows
Debian Bug report logs - #500683 CVE-2008-3827: integer overflows Package: mplayer; Maintainer for mplayer is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for mplayer is src:mplayer (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Tue, 30 Sep 2008 11 ...
Debian Security Advisories: DSA-1644-1 mplayer -- integer overflow
Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously crafted video file For the stable distribution (etch) ...

References

CWE-189http://www.ocert.org/advisories/ocert-2008-013.htmlhttp://www.debian.org/security/2008/dsa-1644http://secunia.com/advisories/32153http://www.securitytracker.com/id?1020952http://www.securityfocus.com/bid/31473http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675http://secunia.com/advisories/32045http://securityreason.com/securityalert/4326http://www.mandriva.com/security/advisories?name=MDVSA-2008:219http://www.vupen.com/english/advisories/2008/2703http://www.securityfocus.com/archive/1/496806/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500683https://nvd.nist.govhttps://www.debian.org/security/./dsa-1644
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook