CVE-2007-4938

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-09-2007 09:17

Last modified: - 23-01-2023 07:44

Total changes: - 9

Description

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:C/I:C/A:C

High

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

7.6

Base score

4.9

10.0

Exploitability score

Impact score

Verification logic

Reference

http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
25648-Exploit
MDKSA-2007:192-
27016-Vendor Advisory
3144-
45940-
mplayer-avi-file-bo(36581)-
20070912 CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities-

Keywords

CVE-2007-4938

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-4938

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures