CVE-2021-30145

Опубликовано: 18 мая 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.

Ссылки

https://devel0pment.de/?p=2217
Exploit
Third Party Advisory
https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6
Patch
Third Party Advisory
https://github.com/mpv-player/mpv/releases/tag/v0.33.1
Third Party Advisory
https://mpv.io
Product
Vendor Advisory
https://security.gentoo.org/glsa/202107-46
Third Party Advisory
https://devel0pment.de/?p=2217
Exploit
Third Party Advisory
https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6
Patch
Third Party Advisory
https://github.com/mpv-player/mpv/releases/tag/v0.33.1
Third Party Advisory
https://mpv.io
Product
Vendor Advisory
https://security.gentoo.org/glsa/202107-46
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mpv:mpv:*:*:*:*:*:*:*:*

Версия до 0.33.0 (включая)

EPSS

Процентиль: 87%

0.03391

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-134

Связанные уязвимости

CVE-2021-30145

CVSS3: 7.8

ubuntu

больше 4 лет назад

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.

CVE-2021-30145

CVSS3: 7.8

debian

больше 4 лет назад

A format string vulnerability in mpv through 0.33.0 allows user-assist ...

openSUSE-SU-2021:0788-1

suse-cvrf

больше 4 лет назад

Security update for mpv

GHSA-mf25-jq7f-vx34

CVSS3: 7.8

github

больше 3 лет назад

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.

EPSS

Процентиль: 87%

0.03391

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-134