We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.
Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheckCWE-121 Stack-based Buffer Overflow
CWE-20 Improper Input Validation
C4SS!0
h1ch4m
raw.githubusercontent.com/...s/fileformat/mplayer_m3u_bof.rb
www.exploit-db.com/exploits/17013
www.vulncheck.com/...-r33064-m3u-stack-based-buffer-overflow
Support options