CVE-2007-1246
EPSS 9.3%xine-lib - several vulnerabilities
Published: 3/3/2007Modified: 3/9/2026
Description
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.
Affected packages (2)
- Debian/mplayerfrom 0, < 1.0~rc1-13
- Debian/xine-libfrom 0, < 1.0.1-1sarge7