A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mpv | Mpv | * | 0.33.0 (including) |
| Mpv | Ubuntu | bionic | * |
| Mpv | Ubuntu | esm-apps/bionic | * |
| Mpv | Ubuntu | esm-apps/focal | * |
| Mpv | Ubuntu | esm-apps/jammy | * |
| Mpv | Ubuntu | esm-apps/xenial | * |
| Mpv | Ubuntu | focal | * |
| Mpv | Ubuntu | groovy | * |
| Mpv | Ubuntu | hirsute | * |
| Mpv | Ubuntu | impish | * |
| Mpv | Ubuntu | jammy | * |
| Mpv | Ubuntu | kinetic | * |
| Mpv | Ubuntu | trusty | * |
| Mpv | Ubuntu | upstream | * |
| Mpv | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://devel0pment.de/?p=2217
- https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6
- https://github.com/mpv-player/mpv/releases/tag/v0.33.1
- https://mpv.io
- https://security.gentoo.org/glsa/202107-46
- https://devel0pment.de/?p=2217
- https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6
- https://github.com/mpv-player/mpv/releases/tag/v0.33.1
- https://mpv.io
- https://security.gentoo.org/glsa/202107-46