Mencoder
CVE-2022-38851
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.
AnalysisAI
Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. Affected products include: Mplayerhq Mencoder, Mplayerhq Mplayer, Debian Debian Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. Rated high
The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodec
Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdem
Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mp
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.
Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demu
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demu
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemu
Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemu
Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c .
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today