mplayerhq 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、バッファオーバーフロー, and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact memory corruption、アプリケーションクラッシュ, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-38851 | Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38850 | The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38600 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | [email protected] | 5.5 | 0.35% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38866 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.27% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38865 | Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38864 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38863 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38862 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 7.8 | 0.33% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38861 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38860 | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38858 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38856 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.29% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38855 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38853 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.29% | 2022-09-15 | 2026-06-17 |
| CVE-2022-32317 | The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable. | [email protected] | 5.5 | 0.75% | 2022-07-14 | 2026-06-17 |
| CVE-2011-2162 | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." | [email protected] | 10.0 | 2.32% | 2011-05-20 | 2026-06-16 |
| CVE-2011-2160 | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. | [email protected] | 9.3 | 1.70% | 2011-05-20 | 2026-06-16 |
| CVE-2011-0722 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | [email protected] | 6.8 | 4.23% | 2011-05-20 | 2026-06-16 |
| CVE-2010-3908 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | [email protected] | 6.8 | 2.97% | 2011-05-20 | 2026-06-16 |
| CVE-2010-3429 | flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | [email protected] | 6.8 | 4.18% | 2010-09-30 | 2026-06-16 |