CVE-2007-4938

Published: Sep 18, 2007Modified: Apr 23, 2026

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability: 4.9 / Impact: 10.0

Source: NVD

Description

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Affected (2)

Products: Mplayer: Mplayer · Sgi: Irix

1 product

1 product

Configuration A

2 vulnerable · 19 platform

Vulnerable Software	Affected Versions
Mplayer Mplayer	Version 1.0_rc1
Sgi Irix	All versions

Running on/with	Platform Versions
Apple Mac Os X	All versions
Hp Hp Ux	All versions
Hp Tru64	All versions
Ibm Aix	All versions
Ibm Os2	All versions
Linux Linux Kernel	All versions
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007.1
Mandrakesoft Mandrake Linux	Version 2007
Mandrakesoft Mandrake Linux	Version 2007
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	All versions
Microsoft Windows 98	All versions
Microsoft Windows Me	All versions
Microsoft Windows Nt	Version 4.0
Microsoft Windows Xp	All versions
Santa Cruz Operation Sco Unix	All versions
Sun Solaris	All versions
Windriver Bsdos	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (16)

http://osvdb.org/45940

Source: cve@mitre.org

http://secunia.com/advisories/27016

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/3144

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:192

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/479222/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25648

Source: cve@mitre.org

Exploit

http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/36581

Source: cve@mitre.org

http://osvdb.org/45940

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27016

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/3144

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:192

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/479222/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25648

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/36581

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.