CVE-2007-4938
mplayer - denial of service via crafted .avi file
EPSS 10.3%
Description
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx chunk size" and nEntriesInuse values, and a certain wLongsPerEntry value.
How to fix CVE-2007-4938
To remediate CVE-2007-4938, upgrade the affected package to one of the fixed versions listed below.
- Debian/mplayer—upgrade to 1.0~rc1-16.1 or later
- Debian/mplayer—upgrade to 1.0~rc1-16+lenny1 or later
Is CVE-2007-4938 being exploited?
Moderate — EPSS is 10.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1.0~rc1-16.1
- from 0, < 1.0~rc1-16+lenny1