Login Sign Up

CVE-2021-30145

7.8 HIGH
Remote Code Execution

📋 TL;DR

A format string vulnerability in mpv media player allows attackers to execute arbitrary code by tricking users into opening a malicious m3u playlist file. This affects mpv versions up to 0.33.0 on all platforms where users open untrusted playlist files.

💻 Affected Systems

Products:
  • mpv media player
Versions: All versions up to and including 0.33.0
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable when processing m3u playlist files.

📦 What is this software?

Mpv by Mpv

View all CVEs affecting Mpv →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the mpv user, potentially leading to full system compromise, data theft, or malware installation.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when users open malicious playlist files from untrusted sources.

🟢

If Mitigated

Limited impact if users only open trusted playlist files and mpv runs with minimal privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious playlist file. The vulnerability is well-documented with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.33.1 and later

Vendor Advisory: https://github.com/mpv-player/mpv/releases/tag/v0.33.1

Restart Required: No

Instructions:

1. Download mpv 0.33.1 or later from https://mpv.io/installation/ 2. Install the updated version 3. Verify installation with 'mpv --version'

🔧 Temporary Workarounds

Disable playlist file association

all

Remove mpv as the default application for .m3u files to prevent automatic opening

Run mpv with reduced privileges

linux

Execute mpv with limited user permissions to reduce impact of exploitation

sudo -u nobody mpv [file]

🧯 If You Can't Patch

  • Avoid opening m3u playlist files from untrusted sources
  • Use alternative media players for playlist files until patched

🔍 How to Verify

Check if Vulnerable:

Check mpv version with 'mpv --version' and verify it's 0.33.0 or earlier

Check Version:

mpv --version | head -1

Verify Fix Applied:

Confirm mpv version is 0.33.1 or later with 'mpv --version'

📡 Detection & Monitoring

Log Indicators:

  • Unusual mpv process behavior
  • Unexpected child processes spawned from mpv
  • Crash logs from mpv with format string errors

Network Indicators:

  • Downloads of m3u files from suspicious sources
  • Outbound connections from mpv process

SIEM Query:

process_name="mpv" AND (process_command_line CONTAINS ".m3u" OR file_path ENDS WITH ".m3u")

📊 Metadata

CVE ID: CVE-2021-30145
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-134
Published: May 18, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30145, you might also want to check these:

CVE-2021-41193 9.8

CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling compo...

Same vulnerability type (CWE-134)
CVE-2021-42911 9.8

This is a critical format string vulnerability in DrayTek router firmware that allows remote attacke...

Same vulnerability type (CWE-134)
CVE-2023-5746 9.8

A format string vulnerability in Synology camera firmware allows remote attackers to execute arbitra...

Same vulnerability type (CWE-134)