cpe:/a:mplayer:mplayer:1.02rc2 cpe:/a:xine:xine-lib:1.1.10 CVE-2008-0486 2008-02-05T07:00:00.000-05:00 2011-03-07T22:04:47.393-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-05T13:35:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability BID 27441 SECUNIA 28779 SECUNIA 28801 SECUNIA 28918 SECUNIA 28955 SECUNIA 28956 SECUNIA 28989 SECUNIA 29141 SECUNIA 29307 SECUNIA 29323 SECUNIA 29601 SECUNIA 31393 SREASON 3608 VUPEN ADV-2008-0406 VUPEN ADV-2008-0421 DEBIAN DSA-1496 DEBIAN DSA-1536 FEDORA FEDORA-2008-1543 FEDORA FEDORA-2008-1581 GENTOO GLSA-200802-12 GENTOO GLSA-200803-16 MANDRIVA MDVSA-2008:045 MANDRIVA MDVSA-2008:046 SUSE SUSE-SR:2008:006 UBUNTU USN-635-1 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=209106 CONFIRM http://bugs.xine-project.org/show_bug.cgi?id=38 CONFIRM http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735 MISC http://www.coresecurity.com/?action=item&id=2103 CONFIRM http://www.mplayerhq.hu/design7/news.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=431541 Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.