Vulnerability CVE-2007-6718

Vulnerability Name:

CVE-2007-6718 (CCN-46059)

Assigned:

2007-01-16

Published:

2007-01-16

Updated:

2008-10-20

Summary:

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.
Note: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2007-6718

Source: CCN
Type: Sam Hocevars .plan Web site
Exposing file parsing vulnerabilities

Source: MISC
Type: UNKNOWN
http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities

Source: CCN
Type: MPlayer Web site
Download

Source: CCN
Type: oss-security Mailing List, Tue, 7 Oct 2008 12:50:41 +0200
CVE request: crashers / potential security risks in mplayer

Source: MLIST
Type: UNKNOWN
[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer

Source: CCN
Type: OSVDB ID: 49423
MPlayer Malformed AAC File Handling DoS

Source: CCN
Type: OSVDB ID: 49424
MPlayer Malformed OGM File Handling DoS

Source: XF
Type: UNKNOWN
mplayer-multiple-dos(46059)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:*:*:*:*:*:*:*:* (Version <= 1.0_rc1)

Configuration CCN 1:

cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*

OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*

AND

cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.precise:def:20076718000	V	CVE-2007-6718 on Ubuntu 12.04 LTS (precise) - low.	2008-10-20
oval:com.ubuntu.trusty:def:20076718000	V	CVE-2007-6718 on Ubuntu 14.04 LTS (trusty) - low.	2008-10-20
oval:com.ubuntu.xenial:def:20076718000	V	CVE-2007-6718 on Ubuntu 16.04 LTS (xenial) - low.	2008-10-20
oval:com.ubuntu.xenial:def:200767180000000	V	CVE-2007-6718 on Ubuntu 16.04 LTS (xenial) - low.	2008-10-20

BACK