Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6718

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-6718
Last Modified 20 Oct 2008 12:00:00
Published 20 Oct 2008 01:59:23
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6718

Summary

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.

Vulnerable Systems

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.90 Rc4

  • Mplayer 0.91

  • Mplayer 0.92

  • Mplayer 0.92 Cvs

  • Mplayer 0.92.1

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3

  • Mplayer 1.0 Pre3try2

  • Mplayer 1.0 Pre4

  • Mplayer 1.0 Pre5

  • Mplayer 1.0 Pre5try1

  • Mplayer 1.0 Pre5try2

  • Mplayer 1.0 Pre6

  • Mplayer 1.0 Pre7

  • Mplayer 1.0 Pre7try2

  • Mplayer 1.0 Rc1


References

MLIST - [oss-security] 20081007 CVE request: crashers / potential security risks in mplayer

MISC - http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities


Last Updated: 27 May 2016 10:46:36