A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.
[
{
"source": "https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6",
"target": {
"function": "open_mf_pattern",
"file": "demux/demux_mf.c"
},
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-30145-7c714005",
"digest": {
"function_hash": "268634330912393980160582075139174200355",
"length": 2529.0
}
},
{
"source": "https://github.com/mpv-player/mpv/commit/d0c530919d8cd4d7a774e38ab064e0fabdae34e6",
"target": {
"file": "demux/demux_mf.c"
},
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2021-30145-e23b7691",
"digest": {
"line_hashes": [
"318278708610111311971907503341767063621",
"20400393116502452763656028356723097255",
"2518238306090257716179303030090564964",
"122700104744205355818586971563960571964",
"190191767106811564608045251026599596882",
"28396784055268661443982855327607510881",
"129441837851678876694802442058186216748",
"99586014603262892290593702810603438397",
"103567284091188742513705697402229084886",
"133517497564468559407418282955546792386"
],
"threshold": 0.9
}
}
]