Published: 18/05/2021 Updated: 20/05/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A format string vulnerability in mpv up to and including 0.33.0 allows user-assisted remote malicious users to achieve code execution via a crafted m3u playlist file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mpv mpv

Debian Bug report logs - #986839 mpv: New upstream version 0331 fixes CVE-2021-30145 Package: mpv; Maintainer for mpv is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Source for mpv is src:mpv (PTS, buildd, popcon) Reported by: Wessel Dankers <wsl-debbugs-mpv@fruitje> Date: Mon, 12 Apr 2021 1 ...

A security issue was found in mpv before version 0331 An unverified format string, provided by the user as part of mf:// URI, could result in undefined behavior or a buffer overflow ...

CWE-134 https://devel0pment.de/?p=2217 https://github.com/mpv-player/mpv/releases/tag/v0.33.1 https://mpv.io https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6 https://security.gentoo.org/glsa/202107-46 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986839 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-30145

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-30145

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect