Aggregates CVE and security vulnerability intelligence across all mplayerhq-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk memory corruption, vendor risk buffer overflow, and vendor risk input validation, with potential vendor impact memory corruption across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-38851 | Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38850 | The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38600 | Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | [email protected] | 5.5 | 0.35% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38866 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.27% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38865 | Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38864 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38863 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38862 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 7.8 | 0.33% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38861 | The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38860 | Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.31% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38858 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38856 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.29% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38855 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.34% | 2022-09-15 | 2026-06-17 |
| CVE-2022-38853 | Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. | [email protected] | 5.5 | 0.29% | 2022-09-15 | 2026-06-17 |
| CVE-2022-32317 | The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable. | [email protected] | 5.5 | 0.75% | 2022-07-14 | 2026-06-17 |
| CVE-2011-2162 | Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers." | [email protected] | 10.0 | 2.32% | 2011-05-20 | 2026-06-16 |
| CVE-2011-2160 | The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723. | [email protected] | 9.3 | 1.70% | 2011-05-20 | 2026-06-16 |
| CVE-2011-0722 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | [email protected] | 6.8 | 4.23% | 2011-05-20 | 2026-06-16 |
| CVE-2010-3908 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | [email protected] | 6.8 | 2.97% | 2011-05-20 | 2026-06-16 |
| CVE-2010-3429 | flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability." | [email protected] | 6.8 | 4.18% | 2010-09-30 | 2026-06-16 |