Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
2007-09-18T19:17:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 7.6 (HIGH)
AV:N/AC:H/Au:N/C:C/I:C/A:C
4.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | apple | mac_os_x | * | No |
| Operating System | hp | hp-ux | * | No |
| Operating System | hp | tru64 | * | No |
| Operating System | ibm | aix | * | No |
| Operating System | ibm | os2 | * | No |
| Operating System | linux | linux_kernel | * | No |
| Operating System | mandrakesoft | mandrake_linux | 2007 | No |
| Operating System | mandrakesoft | mandrake_linux | 2007 | No |
| Operating System | mandrakesoft | mandrake_linux | 2007.1 | No |
| Operating System | mandrakesoft | mandrake_linux | 2007.1 | No |
| Operating System | microsoft | windows_2000 | * | No |
| Operating System | microsoft | windows_2003_server | * | No |
| Operating System | microsoft | windows_98 | * | No |
| Operating System | microsoft | windows_me | * | No |
| Operating System | microsoft | windows_nt | 4.0 | No |
| Operating System | microsoft | windows_xp | * | No |
| Operating System | santa_cruz_operation | sco_unix | * | No |
| Operating System | sun | solaris | * | No |
| Operating System | windriver | bsdos | * | No |
| Application | mplayer | mplayer | 1.0_rc1 | Yes |
| Operating System | sgi | irix | * | Yes |