CVE-2008-0485 — mplayer - multiple vulnerabilities

Description

Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

How to fix CVE-2008-0485

To remediate CVE-2008-0485, upgrade the affected package to a fixed version below.

Debian/mplayer—upgrade to 1.0~rc2-8 or later
Debian/mplayer—upgrade to 1.0~rc1-12etch2 or later
Debian/mplayer—upgrade to 1.0~rc2-7+lenny1 or later

Is CVE-2008-0485 being exploited?

Moderate — EPSS is 16.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (3)

from 0, < 1.0~rc2-8
from 0, < 1.0~rc1-12etch2
from 0, < 1.0~rc2-7+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-0485