Search for vulnerabilities
Vulnerability details: VCID-4hs6-qm6n-aaaq
Vulnerability ID VCID-4hs6-qm6n-aaaq
Aliases CVE-2008-0485
Summary Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.
Status Published
Exploitability 2.0
Weighted Severity 8.4
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-189 Numeric Errors
System Score Found at
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.17161 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.18468 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.18468 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.18468 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.1883 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.19845 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.20213 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.22810 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.22810 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.22810 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
epss 0.22810 https://api.first.org/data/v1/epss?cve=CVE-2008-0485
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2008-0485
Reference id Reference type URL
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html
https://api.first.org/data/v1/epss?cve=CVE-2008-0485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485
http://secunia.com/advisories/28779
http://secunia.com/advisories/28955
http://secunia.com/advisories/28956
http://secunia.com/advisories/29307
http://security.gentoo.org/glsa/glsa-200803-16.xml
http://securityreason.com/securityalert/3607
http://www.coresecurity.com/?action=item&id=2102
http://www.debian.org/security/2008/dsa-1496
http://www.mandriva.com/security/advisories?name=MDVSA-2008:045
http://www.mplayerhq.hu/design7/news.html
http://www.securityfocus.com/archive/1/487500/100/0/threaded
http://www.securityfocus.com/bid/27499
http://www.securitytracker.com/id?1019299
http://www.vupen.com/english/advisories/2008/0406/references
464060 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464060
cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
CVE-2008-0485 https://nvd.nist.gov/vuln/detail/CVE-2008-0485
CVE-2008-0485;OSVDB-42201 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/31076.py
CVE-2008-0485;OSVDB-42201 Exploit https://www.securityfocus.com/bid/27499/info
GLSA-200803-16 https://security.gentoo.org/glsa/200803-16
Data source Exploit-DB
Date added Feb. 4, 2008
Description MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution
Ransomware campaign use Known
Source publication date Feb. 4, 2008
Exploit type remote
Platform linux
Source update date Nov. 23, 2016
Source URL https://www.securityfocus.com/bid/27499/info
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0485
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.94475
EPSS Score 0.17161
Published At April 5, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.