MGASA-2024-0062

Source
https://advisories.mageia.org/MGASA-2024-0062.html
Import Source
https://advisories.mageia.org/MGASA-2024-0062.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2024-0062
Related
Published
2024-03-15T02:49:05Z
Modified
2024-03-15T02:32:49Z
Summary
Updated mplayer packages fix security vulnerabilities
Details

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vfscale.c. (CVE-2022-38850) Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function readmetarecord() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38851) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function genshvideo () of mplayer/libmpdemux/demuxmov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38855) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function movbuildindex() of libmpdemux/demuxmov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38858) Certain The MPlayer Project products are vulnerable to Divide By Zero via function demuxopenavi() of libmpdemux/demuxavi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38860) The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function freempimage() of libmpcodecs/mpimage.c. (CVE-2022-38861) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mpgetbits() of libmpdemux/mpeghdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38863) Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mpunescape03() of libmpdemux/mpeghdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38864) Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demuxavireadpacket of libmpdemux/demuxavi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38865) Certain The MPlayer Project products are vulnerable to Buffer Overflow via readavi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38866)

References
Credits

Affected packages

Mageia:9 / mplayer

Package

Name
mplayer
Purl
pkg:rpm/mageia/mplayer?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5-12.1.mga9.tainted

Ecosystem specific

{
    "section": "tainted"
}

Mageia:9 / mplayer

Package

Name
mplayer
Purl
pkg:rpm/mageia/mplayer?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5-12.1.mga9

Ecosystem specific

{
    "section": "core"
}