CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-32317

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.1%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://bugs.gentoo.org/show_bug.cgi?id=858107
https://github.com/b17fr13nds/MPlayer_cve_poc
https://transfer.sh/m2WcuM/poc_dup.zip
https://bugs.gentoo.org/show_bug.cgi?id=858107
https://github.com/b17fr13nds/MPlayer_cve_poc
https://transfer.sh/m2WcuM/poc_dup.zip

Products affected by CVE-2022-32317

Mplayerhq » Mplayer » Version: 1.5

cpe:2.3:a:mplayerhq:mplayer:1.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-32317

Products

Pricing

Contact Us