CVE-2021-30145

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-30145
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-30145.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-30145
Downstream
Related
Published
2021-05-18T14:15:07Z
Modified
2025-10-13T10:54:20.981668Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.

References

Affected packages

Git / github.com/mpv-player/mpv

Affected ranges

Type
GIT
Repo
https://github.com/mpv-player/mpv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b5d3e43198b9d57af5620b63537885aaa41fa8cd
Fixed
d0c530919d8cd4d7a774e38ab064e0fabdae34e6

Affected versions

v0.*

v0.1.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.30.0
v0.31.0
v0.32.0
v0.33.0

Database specific 

{
    "vanir_signatures": [
        {
            "target": {
                "file": "demux/demux_mf.c",
                "function": "open_mf_pattern"
            },
            "source": "https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6",
            "digest": {
                "length": 2529.0,
                "function_hash": "268634330912393980160582075139174200355"
            },
            "signature_version": "v1",
            "id": "CVE-2021-30145-7c714005",
            "deprecated": false,
            "signature_type": "Function"
        },
        {
            "target": {
                "file": "demux/demux_mf.c"
            },
            "source": "https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6",
            "digest": {
                "line_hashes": [
                    "318278708610111311971907503341767063621",
                    "20400393116502452763656028356723097255",
                    "2518238306090257716179303030090564964",
                    "122700104744205355818586971563960571964",
                    "190191767106811564608045251026599596882",
                    "28396784055268661443982855327607510881",
                    "129441837851678876694802442058186216748",
                    "99586014603262892290593702810603438397",
                    "103567284091188742513705697402229084886",
                    "133517497564468559407418282955546792386"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "id": "CVE-2021-30145-e23b7691",
            "deprecated": false,
            "signature_type": "Line"
        }
    ]
}