Vulnerability Description
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | <= 1.0_rc1 |
References
- http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
- http://www.openwall.com/lists/oss-security/2008/10/07/1
- http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
- http://www.openwall.com/lists/oss-security/2008/10/07/1
FAQ
What is CVE-2007-6718?
CVE-2007-6718 is a vulnerability with a CVSS score of 4.3 (MEDIUM). MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vor...
How severe is CVE-2007-6718?
CVE-2007-6718 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6718?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer.