Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2011-3625

Published: 11/06/2014 Updated: 12/06/2014
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Mplayer2

Vulnerability Summary

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.

Vulnerable Product Search on Vulmon Subscribe to Product

mplayer2 mplayer2 -

ricardo villalba smplayer 0.6.9

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2011-3625: Buffer overflow in SAMI parsing
Debian Bug report logs - #645987 CVE-2011-3625: Buffer overflow in SAMI parsing Package: mplayer; Maintainer for mplayer is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for mplayer is src:mplayer (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Thu, ...

Exploits

Exploit DB: MPlayer - '.SAMI' Subtitle File Buffer Overflow (Metasploit)
## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::F ...

References

CWE-119http://security.gentoo.org/glsa/glsa-201310-13.xmlhttps://labs.mwrinfosecurity.com/system/assets/149/original/mwri_mplayer-sami-subtitles_2011-08-12.pdfhttp://secunia.com/advisories/55486http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4ahttp://www.openwall.com/lists/oss-security/2011/10/18/12https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645987https://nvd.nist.govhttps://www.exploit-db.com/exploits/18954/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook