CVE-2008-5616: Buffer Overflow
Published Dec 17, 2008
·Updated
Stack-based buffer overflow in the demuxopenvqf function in libmpdemux/demuxvqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Affected Software
20 affected components
MPlayer MPlayer<=1.0_rc1
MPlayer MPlayer=0.90
MPlayer MPlayer=0.90_pre
MPlayer MPlayer=0.90_rc
MPlayer MPlayer=0.90_rc4
MPlayer MPlayer=0.91
MPlayer MPlayer=0.92
MPlayer MPlayer=0.92.1
MPlayer MPlayer=0.92_cvs
MPlayer MPlayer=1.0_pre1
MPlayer MPlayer=1.0_pre2
MPlayer MPlayer=1.0_pre3
MPlayer MPlayer=1.0_pre3try2
MPlayer MPlayer=1.0_pre4
MPlayer MPlayer=1.0_pre5
MPlayer MPlayer=1.0_pre5try1
MPlayer MPlayer=1.0_pre5try2
MPlayer MPlayer=1.0_pre6
MPlayer MPlayer=1.0_pre7
MPlayer MPlayer=1.0_pre7try2
Event History
Dec 17, 2008
CVE Published
via MITRE·01:00 AM
Data Sourced
via MITRE·01:00 AM
Description
Frequently Asked Questions
1
What is the severity of CVE-2008-5616?
The severity of CVE-2008-5616 is considered critical due to the potential for remote code execution.
2
How do I fix CVE-2008-5616?
To fix CVE-2008-5616, it is recommended to update to a patched version of MPlayer that is newer than 1.0 rc2 r28150.
3
What versions of MPlayer are affected by CVE-2008-5616?
CVE-2008-5616 affects multiple versions of MPlayer including 0.90, 0.90_rc, 0.92, and all versions before 1.0 rc2 r28150.
4
Can CVE-2008-5616 be exploited remotely?
Yes, CVE-2008-5616 can be exploited remotely by attackers through malformed TwinVQ files.
5
What type of vulnerability is CVE-2008-5616?
CVE-2008-5616 is a stack-based buffer overflow vulnerability.