CVE-2007-1387 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-1387 PUBLISHED CVSS 6.800000190734863 MEDIUM

The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.

EPSS 5.11% · 89.8th percentile

Risk Scores

CVSS v2.0

6.800000190734863

EPSS Score

5.11%

89.8th percentile

Affected Products

Vendor	Product	Versions
mplayer	mplayer	0
n/a	n/a	*

Timeline

Mar 13, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Sep 23, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072 url
24462 third-party-advisory
22933 vdb
MDKSA-2007:061 vendor-advisory
29601 third-party-advisory
USN-435-1 vendor-advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072%3Bmsg=12%3Bfilename=DS_VideoDecoder.c---SVN--22205.patch%3Batt=1 url
MDKSA-2007:062 vendor-advisory
25462 third-party-advisory
DSA-1536 vendor-advisory
24444 third-party-advisory
24443 third-party-advisory
GLSA-200705-21 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2007-1387 advisory
https://usn.ubuntu.com/435-1 url
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072;msg=12;filename=DS_VideoDecoder.c---SVN--22205.patch;att=1 url

Open in Interactive Console →