Search for vulnerabilities
Vulnerability details: VCID-sg73-xcjf-aaaq
Vulnerability ID VCID-sg73-xcjf-aaaq
Aliases CVE-2008-5616
Summary Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.17936 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.18267 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.18267 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.18267 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.23853 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
epss 0.30642 https://api.first.org/data/v1/epss?cve=CVE-2008-5616
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2008-5616
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2008-5616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
http://secunia.com/advisories/33136
http://secunia.com/advisories/34845
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150
http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150
http://trapkit.de/advisories/TKADV2008-014.txt
http://www.debian.org/security/2009/dsa-1782
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
http://www.securityfocus.com/archive/1/499214/100/0/threaded
http://www.securityfocus.com/bid/32822
508803 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508803
cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.92:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.92.1:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:0.92_cvs:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre2:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre3:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre3try2:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre4:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre5:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre5try1:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre5try2:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre6:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre7:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mplayer:mplayer:1.0_pre7try2:*:*:*:*:*:*:*
CVE-2008-5616 https://nvd.nist.gov/vuln/detail/CVE-2008-5616
GLSA-200901-07 https://security.gentoo.org/glsa/200901-07
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2008-5616
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.96284
EPSS Score 0.17936
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.