CVE-2021-30145

NameCVE-2021-30145
DescriptionA format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs986839

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mpv (PTS)bullseye0.32.0-3fixed
bookworm0.35.1-4fixed
sid, trixie0.39.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mpvsource(unstable)0.32.0-3986839

Notes

[buster] - mpv <no-dsa> (Minor issue)
[stretch] - mpv <postponed> (Minor issue; can be fixed in next update)
https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b

Search for package or bug name: Reporting problems