CVE-2022-38850 The MPlayer Project's mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of llibmpcodecs/vf_scale.c

The source code for this function can be found here.

A heap-based buffer overflow vulnerability has been identified in the function config () of llibmpcodecs/vf_scale.c. A maliciously crafted mp4 file could cause MPlayer to crash and potentially execute arbitrary code with the privileges of the user running MPlayer. This vulnerability is also related to CVE-2017-7850. MPlayer versions up to and including SVN-r38374-13.0.1 are vulnerable. MPlayer versions upredone to and including SVN-r38374-13.0.1 are vulnerable. MPlayer versions up to and including SVN-r38374-13.0.1 are vulnerable. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.0.2. These issues have been fixed in the stable version r38374-13.

Versions Affected by CVE-2017-7850

MPlayer versions up to and including SVN-r38374-13.0.1 are vulnerable. MPlayer versions upredone to and including SVN-r38374-13.0.1 are vulnerable. MPlayer versions up to and including SVN-r38374-13.0.1 are vulnerable.

Timeline

Published on: 09/15/2022 16:15:00 UTC
Last modified on: 09/20/2022 18:39:00 UTC

References

• https://trac.mplayerhq.hu/ticket/2399
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38850