Vulnerabilities (CVE)

Filtered by vendor Mplayerhq Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2162 3 Ffmpeg, Mandriva, Mplayerhq 5 Ffmpeg, Corporate Server, Enterprise Server and 2 more 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."
CVE-2011-2160 2 Ffmpeg, Mplayerhq 2 Ffmpeg, Mplayer 2024-11-21 9.3 HIGH N/A
The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.
CVE-2011-0722 2 Ffmpeg, Mplayerhq 2 Ffmpeg, Mplayer 2024-11-21 6.8 MEDIUM N/A
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.
CVE-2010-3908 2 Ffmpeg, Mplayerhq 2 Ffmpeg, Mplayer 2024-11-21 6.8 MEDIUM N/A
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
CVE-2010-3429 2 Ffmpeg, Mplayerhq 3 Ffmpeg, Libavcodec, Mplayer 2024-11-21 6.8 MEDIUM N/A
flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."
CVE-2022-32317 1 Mplayerhq 1 Mplayer 2024-08-03 4.3 MEDIUM 5.5 MEDIUM
The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable.