Vulnerability Name: CVE-2007-6718 (CCN-46059)

Assigned: 2007-01-16
Published: 2007-01-16
Updated: 2008-10-20
Summary: MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac.
Note: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2007-6718

Source: CCN
Type: Sam Hocevar’s .plan Web site
Exposing file parsing vulnerabilities

Source: MISC
Type: UNKNOWN
http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities

Source: CCN
Type: MPlayer Web site
Download

Source: CCN
Type: oss-security Mailing List, Tue, 7 Oct 2008 12:50:41 +0200
CVE request: crashers / potential security risks in mplayer

Source: MLIST
Type: UNKNOWN
[oss-security] 20081007 CVE request: crashers / potential security risks in mplayer

Source: CCN
Type: OSVDB ID: 49423
MPlayer Malformed AAC File Handling DoS

Source: CCN
Type: OSVDB ID: 49424
MPlayer Malformed OGM File Handling DoS

Source: XF
Type: UNKNOWN
mplayer-multiple-dos(46059)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:*:*:*:*:*:*:*:* (Version <= 1.0_rc1)

Configuration CCN 1:
  • cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:com.ubuntu.precise:def:20076718000 | V | CVE-2007-6718 on Ubuntu 12.04 LTS (precise) - low. | 2008-10-20
oval:com.ubuntu.trusty:def:20076718000 | V | CVE-2007-6718 on Ubuntu 14.04 LTS (trusty) - low. | 2008-10-20
oval:com.ubuntu.xenial:def:20076718000 | V | CVE-2007-6718 on Ubuntu 16.04 LTS (xenial) - low. | 2008-10-20
oval:com.ubuntu.xenial:def:200767180000000 | V | CVE-2007-6718 on Ubuntu 16.04 LTS (xenial) - low. | 2008-10-20