MPlayer Buffer Overflow and String Handling Flaws May Let Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Multimedia) > MPlayer

Vendors: mplayerhq.hu

MPlayer Buffer Overflow and String Handling Flaws May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1010629

SecurityTracker URL: http://securitytracker.com/id/1010629

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Jul 1 2004

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 1.0pre4 and prior versions

Description: Several buffer overflow vulnerabilities were reported in MPlayer in the GUI, the base code, and some library functions. A remote user may be able to cause a target user to execute arbitrary code.

The vendor reported that a security audit was performed by Richard Felker and Nicholas Kain, uncovering multiple potentially exploitable buffer overflow and string handling bugs.

The flaws reside in 'Gui/skin/font.c', 'Gui/skin/skin.c', 'libmenu/menu_console.c', 'libmpdemux/cue_read.c', 'libvo/vo_dxr3.c', 'osdep/strl.c', 'playtree.c', 'subreader.c', and 'vidix/vidixlib.c'.

The specific impact of each bug was not disclosed.

Impact: A remote user may be able to create a specially crafted playlist that, when opened by the target user, will cause arbitrary code to be executed with the privileges of the target user.

Solution: The vendor issued a fix in MPlayer CVS on June 25, 2004 16:49:52 +0000 (UTC). The vendor has also released fixed versions (1.0pre5 and 0.93), available at:

http://www.mplayerhq.hu/homepage/design6/dload.html

The vendor has also issued a patch for 1.0pre4:

(http://www.mplayerhq.hu/MPlayer/patches/vuln04-fix.diff

The vendor has also issued a patch for 0_90:

http://www.mplayerhq.hu/MPlayer/patches/vuln04-0_90-fix.diff

The vendor indicates that support of the 0_90 tree is no longer being provided and that upgrading to MPlayer 1.0pre5 or the latest CVS version is recommended.

Vendor URL: www.mplayerhq.hu/homepage/design6/news.html (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC