1. Home
  2. CVE Database
  3. CVE-2007-4938
HIGH · 7.6

CVE-2007-4938

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .av...

Vulnerability Description

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

CVSS Score

7.6

HIGH

AV:N/AC:H/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
AppleMac Os XAll versions
HpHp-UxAll versions
HpTru64All versions
IbmAixAll versions
IbmOs2All versions
LinuxLinux KernelAll versions
MandrakesoftMandrake Linux2007
MicrosoftWindows 2000All versions
MicrosoftWindows 2003 ServerAll versions
MicrosoftWindows 98All versions
MicrosoftWindows MeAll versions
MicrosoftWindows Nt4.0
MicrosoftWindows XpAll versions
Santa Cruz OperationSco UnixAll versions
SunSolarisAll versions
WindriverBsdosAll versions
MplayerMplayer1.0_rc1
SgiIrixAll versions

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2007-4938?

CVE-2007-4938 is a vulnerability with a CVSS score of 7.6 (HIGH). Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .av...

How severe is CVE-2007-4938?

CVE-2007-4938 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-4938?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Hp Hp-Ux, Hp Tru64, Ibm Aix, Ibm Os2.