CVE-2007-1387

EPSS 5.1%

Published: 3/13/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-1387

Description

The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.

Affected packages (1)

Debian/mplayerfrom 0, < 1.0~rc1-13

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1387