Vulnerability Name: CVE-2008-5616 (CCN-47331)

Assigned: 2008-12-14
Published: 2008-12-14
Updated: 2018-10-11
Summary: Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2008-5616

Source: CCN
Type: SA33136
MPlayer TwinVQ Processing Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
33136

Source: SECUNIA
Type: UNKNOWN
34845

Source: CCN
Type: MPlayer SVN Repository
Diff of /branches/1.0rc2/libmpdemux/demux_vqf.c

Source: CONFIRM
Type: UNKNOWN
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150

Source: CONFIRM
Type: UNKNOWN
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150

Source: CCN
Type: TKADV2008-014
MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability

Source: MISC
Type: UNKNOWN
http://trapkit.de/advisories/TKADV2008-014.txt

Source: DEBIAN
Type: UNKNOWN
DSA-1782

Source: DEBIAN
Type: DSA-1782
mplayer -- several vulnerabilities

Source: CCN
Type: GLSA-200901-07
MPlayer: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:013

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:014

Source: CCN
Type: MPlayer Web site
MPlayer - The Movie Player

Source: CCN
Type: OSVDB ID: 50838
MPlayer libmpdemux/demux_vqf.c demux_open_vqf Function Malformed TwinVQ File Handling Overflow

Source: BUGTRAQ
Type: UNKNOWN
20081214 [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
32822

Source: CCN
Type: BID-32822
MPlayer TwinVQ Handling Stack Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
mplayer-demuxopenvqf-bo(47331)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
  • OR cpe:/a:mplayer:mplayer:*:*:*:*:*:*:*:* (Version <= 1.0_rc1)

  • Configuration CCN 1:
  • cpe:/a:mplayer:mplayer:1.0_rc2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:12883 | P | DSA-1782-1 mplayer -- several vulnerabilities | 2014-06-23
    oval:org.debian:def:1782 | V | several vulnerabilities | 2009-04-29