Vulnerability CVE-2021-30145: Information

Description

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-30145
Published: May 18, 2021
Modified: May 20, 2022
Error type identifier: CWE-134

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
mpvsisyphus0.33.1-alt10.38.0-alt1ALT-PU-2021-1897-1273302Fixed
mpvp100.33.1-alt10.36.0-alt1.2ALT-PU-2021-1897-1273302Fixed
mpvc10f10.33.1-alt10.34.1-alt2ALT-PU-2021-1897-1273302Fixed
mpvp110.33.1-alt10.38.0-alt1ALT-PU-2021-1897-1273302Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://devel0pment.de/?p=2217
  • Exploit
  • Third Party Advisory
https://github.com/mpv-player/mpv/releases/tag/v0.33.1
  • Third Party Advisory
https://mpv.io
  • Product
  • Vendor Advisory
https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6
  • Patch
  • Third Party Advisory
GLSA-202107-46
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:mpv:mpv:*:*:*:*:*:*:*:*
      End including
      0.33.0
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top