CVE-2007-4938 - Vulnerability Details

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X
Hp	Hp-ux Tru64
Ibm	Aix Os2
Linux	Linux Kernel
Mandrakesoft	Mandrake Linux
Microsoft	Windows 2000 Windows 2003 Server Windows 98 Windows Me Windows Nt Windows Xp
Mplayer	Mplayer
Santa Cruz Operation	Sco Unix
Sgi	Irix
Sun	Solaris
Windriver	Bsdos

Configuration 1 [-]

AND

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:hp:hp-ux::::::::
	cpe:2.3:o:hp:tru64::::::::
	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:ibm:os2::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007::x86_64:::::
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:::::::*
	cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1::x86_64:::::
	cpe:2.3:o:microsoft:windows_2000::::::::
	cpe:2.3:o:microsoft:windows_2003_server::::::::
	cpe:2.3:o:microsoft:windows_98::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_nt:4.0:::::::*
	cpe:2.3:o:microsoft:windows_xp::::::::
	cpe:2.3:o:santa_cruz_operation:sco_unix::::::::
	cpe:2.3:o:sun:solaris::::::::
	cpe:2.3:o:windriver:bsdos::::::::

OR	cpe:2.3:a:mplayer:mplayer:1.0_rc1:::::::*
	cpe:2.3:o:sgi:irix::::::::

No data.

References

Link	Providers
http://osvdb.org/45940
http://secunia.com/advisories/27016
http://securityreason.com/securityalert/3144
http://www.mandriva.com/security/advisories?name=MDKSA-2007:192
http://www.securityfocus.com/archive/1/479222/100/0/threaded
http://www.securityfocus.com/bid/25648
http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/36581

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-18T19:00:00.000Z

Updated: 2024-08-07T15:17:27.081Z

Reserved: 2007-09-18T00:00:00.000Z

Link: CVE-2007-4938

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-09-18T19:17:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2007-4938

Redhat

No data.

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object