MGASA-2024-0062

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0062.html

Import Source

https://advisories.mageia.org/MGASA-2024-0062.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2024-0062

Related

Published

2024-03-15T02:49:05Z

Modified

2024-03-15T02:32:49Z

Summary

Updated mplayer packages fix security vulnerabilities

Details

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vfscale.c. (CVE-2022-38850) Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38851) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function genshvideo () of mplayer/libmpdemux/demuxmov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38855) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function movbuildindex() of libmpdemux/demuxmov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38858) Certain The MPlayer Project products are vulnerable to Divide By Zero via function demuxopenavi() of libmpdemux/demuxavi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38860) The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function freempimage() of libmpcodecs/mpimage.c. (CVE-2022-38861) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mpgetbits() of libmpdemux/mpeghdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38863) Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mpunescape03() of libmpdemux/mpeghdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38864) Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demuxavireadpacket of libmpdemux/demuxavi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38865) Certain The MPlayer Project products are vulnerable to Buffer Overflow via readavi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38866)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / mplayer

Package

Name: mplayer
Purl: pkg:rpm/mageia/mplayer?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5-12.1.mga9.tainted

Ecosystem specific

{
    "section": "tainted"
}

Mageia:9 / mplayer

Package

Name: mplayer
Purl: pkg:rpm/mageia/mplayer?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5-12.1.mga9

Ecosystem specific

{
    "section": "core"
}