CVE-2011-10008

UNKNOWN 0.0

MPlayer Lite r33064 M3U Stack-Based Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can craft a malicious .m3u file with a specially formatted URL that triggers a stack overflow when processed by the player, particularly via drag-and-drop interaction. This flaw allows for control of the execution flow through SEH overwrite and a DEP bypass using a ROP chain that leverages known gadgets in loaded DLLs. Successful exploitation may result in arbitrary code execution with the privileges of the current user.

CWE	CWE-121 CWE-20
Vendor	mplayer project
Product	mplayer lite
Published	Jul 31, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for mplayer project mplayer lite

Be the first to know when new unknown vulnerabilities affecting mplayer project mplayer lite are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

MPlayer Project / MPlayer Lite

r33064

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/mplayer_m3u_bof.rb exploit-db.com: https://www.exploit-db.com/exploits/17013 vulncheck.com: https://www.vulncheck.com/advisories/mplayer-lite-r33064-m3u-stack-based-buffer-overflow

Credits

C4SS!0 h1ch4m