We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2011-10008

MPlayer Lite r33064 M3U Stack-Based Buffer Overflow



Description

A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.

Reserved 2025-07-30 | Published 2025-07-31 | Updated 2025-07-31 | Assigner VulnCheck


HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-121 Stack-based Buffer Overflow

CWE-20 Improper Input Validation

Product status

Default status
unknown

r33064
affected

Credits

C4SS!0 finder

h1ch4m finder

References

raw.githubusercontent.com/...s/fileformat/mplayer_m3u_bof.rb exploit

www.exploit-db.com/exploits/17013 exploit

www.vulncheck.com/...-r33064-m3u-stack-based-buffer-overflow third-party-advisory

cve.org (CVE-2011-10008)

nvd.nist.gov (CVE-2011-10008)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2011-10008

Support options

Helpdesk Chat, Email, Knowledgebase