Vulnerability Details CVE-2004-0386
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.341
EPSS Ranking 96.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://marc.info/?l=bugtraq&m=108067020624076&w=2
- http://secunia.com/advisories/11259
- http://security.gentoo.org/glsa/glsa-200403-13.xml
- http://www.kb.cert.org/vuls/id/723910
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:026
- http://www.mplayerhq.hu/homepage/design6/news.html
- http://www.securityfocus.com/archive/1/359025
- http://www.securityfocus.com/bid/10008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15675
- http://marc.info/?l=bugtraq&m=108067020624076&w=2
- http://secunia.com/advisories/11259
- http://security.gentoo.org/glsa/glsa-200403-13.xml
- http://www.kb.cert.org/vuls/id/723910
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:026
- http://www.mplayerhq.hu/homepage/design6/news.html
- http://www.securityfocus.com/archive/1/359025
- http://www.securityfocus.com/bid/10008
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15675
Products affected by CVE-2004-0386
-
cpe:2.3:a:mplayer:mplayer:0.90
-
cpe:2.3:a:mplayer:mplayer:0.90_pre
-
cpe:2.3:a:mplayer:mplayer:0.90_rc
-
cpe:2.3:a:mplayer:mplayer:0.91
-
cpe:2.3:a:mplayer:mplayer:1.0_pre1
-
cpe:2.3:a:mplayer:mplayer:1.0_pre2
-
cpe:2.3:a:mplayer:mplayer:1.0_pre3
-
cpe:2.3:o:gentoo:linux:0.5
-
cpe:2.3:o:gentoo:linux:0.7
-
cpe:2.3:o:gentoo:linux:1.1a
-
cpe:2.3:o:gentoo:linux:1.2
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2