CVE-2007-4938
EPSS 10.3%mplayer - denial of service via crafted .avi file
Published: 9/18/2007Modified: 4/28/2026
Description
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
Affected packages (2)
- Debian/mplayerfrom 0, < 1.0~rc1-16.1
- Debian/mplayerfrom 0, < 1.0~rc1-16+lenny1