{"id":"MGASA-2024-0062","summary":"Updated mplayer packages fix security vulnerabilities","details":"The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide\nBy Zero via the function config () of llibmpcodecs/vf_scale.c.\n(CVE-2022-38850)\nCertain The MPlayer Project products are vulnerable to Out-of-bounds\nRead via function read_meta_record() of mplayer/libmpdemux/asfheader.c.\nThis affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.\n(CVE-2022-38851)\nCertain The MPlayer Project products are vulnerable to Buffer Overflow\nvia function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This\naffects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.\n(CVE-2022-38855)\nCertain The MPlayer Project products are vulnerable to Buffer Overflow\nvia function mov_build_index() of libmpdemux/demux_mov.c. This affects\nmplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.\n(CVE-2022-38858)\nCertain The MPlayer Project products are vulnerable to Divide By Zero\nvia function demux_open_avi() of libmpdemux/demux_avi.c which affects\nmencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder\nSVN-r38374-13.0.1. (CVE-2022-38860)\nThe MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory\ncorruption via function free_mp_image() of libmpcodecs/mp_image.c.\n(CVE-2022-38861)\nCertain The MPlayer Project products are vulnerable to Buffer Overflow\nvia function mp_getbits() of libmpdemux/mpeg_hdr.c which affects\nmencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer\nSVN-r38374-13.0.1. (CVE-2022-38863)\nCertain The MPlayer Project products are vulnerable to Buffer Overflow\nvia the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects\nmencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1.\n(CVE-2022-38864)\nCertain The MPlayer Project products are vulnerable to Divide By Zero\nvia the function demux_avi_read_packet of libmpdemux/demux_avi.c. This\naffects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.\n(CVE-2022-38865)\nCertain The MPlayer Project products are vulnerable to Buffer Overflow\nvia read_avi_header() of libmpdemux/aviheader.c . This affects mplayer\nSVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38866)\n","modified":"2026-01-31T19:35:40.474755Z","published":"2024-03-15T02:49:05Z","related":["CVE-2022-38850","CVE-2022-38851","CVE-2022-38855","CVE-2022-38858","CVE-2022-38860","CVE-2022-38861","CVE-2022-38863","CVE-2022-38864","CVE-2022-38865","CVE-2022-38866"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0062.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31360"}],"affected":[{"package":{"name":"mplayer","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5-12.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0062.json"}},{"package":{"name":"mplayer","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/mplayer?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5-12.1.mga9.tainted"}]}],"ecosystem_specific":{"section":"tainted"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0062.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}