{"id":"CVE-2007-4938","details":"Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value.","modified":"2026-04-10T03:39:15.425724Z","published":"2007-09-18T19:17:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/27016"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:192"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/25648"},{"type":"EVIDENCE","url":"http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt"},{"type":"WEB","url":"http://osvdb.org/45940"},{"type":"WEB","url":"http://securityreason.com/securityalert/3144"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/479222/100/0/threaded"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36581"}],"schema_version":"1.7.5"}