{"modified": "2007-02-08T00:00:00", "cvelist": ["CVE-2008-0486"], "edition": 1, "type": "freebsd", "reporter": "FreeBSD", "references": ["http://www.xinehq.de/index.php/news"], "hashmap": [{"hash": "992968f5255586393d7ae61589ab21a5", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "2b90dbc42782cc8a9be1aee14e182ac1", "key": "cvelist"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "829aaa3cc4690b2bbf402b15402db702", "key": "description"}, {"hash": "f82f4f9b14ea2a48d8fb0d6db34e16e7", "key": "href"}, {"hash": "bfacc405abf57c54939fd37227b27a02", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "bfacc405abf57c54939fd37227b27a02", "key": "published"}, {"hash": "294a69f718eed8dfee2b113af9cd5f6f", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "93dc2196e54b6edde81c55d53632faae", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "href": "https://vuxml.freebsd.org/freebsd/e8a6a16d-e498-11dc-bb89-000bcdc1757a.html", "description": "\nxine Team reports:\n\nA new xine-lib version is now available. This release\n\t contains a security fix (array index vulnerability which\n\t may lead to a stack buffer overflow.\n\n", "id": "E8A6A16D-E498-11DC-BB89-000BCDC1757A", "lastseen": "2016-09-26T17:24:58", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "9713c5308a9adec7e22c8f140b19a2d432e9f513912c1d6d8cdc0356d184ea5b", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "unix", "history": [], "published": "2007-02-08T00:00:00", "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "UNKNOWN", "operator": "lt", "OS": "FreeBSD", "packageName": "libxine", "OSVersion": "any", "packageVersion": "1.1.10.1", "arch": "noarch"}], "viewCount": 1, "title": "libxine -- buffer overflow vulnerability"}

{"result": {"cve": [{"id": "CVE-2008-0486", "type": "cve", "title": "CVE-2008-0486", "description": "Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.", "published": "2008-02-05T07:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0486", "cvelist": ["CVE-2008-0486"], "lastseen": "2016-09-03T10:04:52"}], "nessus": [{"id": "FEDORA_2008-1543.NASL", "type": "nessus", "title": "Fedora 8 : xine-lib-1.1.10.1-1.fc8 (2008-1543)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31068", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-10-29T13:36:44"}, {"id": "FEDORA_2008-1581.NASL", "type": "nessus", "title": "Fedora 7 : xine-lib-1.1.10.1-1.fc7 (2008-1581)", "description": "- Fri Feb 8 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10.1-1 - 1.1.10.1 (security update, #431541). * Sun Jan 27 2008 Ville Skytta <ville.skytta at iki.fi> - 1.1.10-2 - Include spu, spucc, and spucmml decoders (#213597). Upstream release notes:\n http://sourceforge.net/project/shownotes.php?group_id=96 55&release_id=574735\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31072", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-10-29T13:40:54"}, {"id": "FREEBSD_PKG_E8A6A16DE49811DCBB89000BCDC1757A.NASL", "type": "nessus", "title": "FreeBSD : libxine -- buffer overflow vulnerability (e8a6a16d-e498-11dc-bb89-000bcdc1757a)", "description": "xine Team reports :\n\nA new xine-lib version is now available. This release contains a security fix (array index vulnerability which may lead to a stack buffer overflow.", "published": "2008-02-28T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31304", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-10-29T13:42:40"}, {"id": "SUSE_XINE-DEVEL-5080.NASL", "type": "nessus", "title": "SuSE 10 Security Update : xine (ZYPP Patch Number 5080)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31460", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-10-29T13:33:36"}, {"id": "SUSE_XINE-DEVEL-5078.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : xine-devel (xine-devel-5078)", "description": "This update of xine fixes a possible buffer overflow that can be triggered via FLAC tags to execute arbitrary code (CVE-2008-0486) and a possible buffer overflow in the matroska demuxer.", "published": "2008-03-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31459", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-10-29T13:37:26"}, {"id": "GENTOO_GLSA-200802-12.NASL", "type": "nessus", "title": "GLSA-200802-12 : xine-lib: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200802-12 (xine-lib: User-assisted execution of arbitrary code)\n\n Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110).\n Impact :\n\n A remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-02-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31295", "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "lastseen": "2017-10-29T13:45:57"}, {"id": "MANDRIVA_MDVSA-2008-046.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)", "description": "An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.\n\nThe updated packages have been patched to prevent this issue.\n\nUpdate :\n\nThe previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.", "published": "2009-04-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36358", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2017-10-29T13:45:38"}, {"id": "DEBIAN_DSA-1496.NASL", "type": "nessus", "title": "Debian DSA-1496-1 : mplayer - buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-0485 Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n - CVE-2008-0486 Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n - CVE-2008-0629 Adam Bozanich discovered a buffer overflow in the CDDB access code.\n\n - CVE-2008-0630 Adam Bozanich discovered a buffer overflow in URL parsing.", "published": "2008-02-14T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31056", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2017-10-29T13:33:37"}, {"id": "GENTOO_GLSA-200803-16.NASL", "type": "nessus", "title": "GLSA-200803-16 : MPlayer: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200803-16 (MPlayer: Multiple buffer overflows)\n\n The following errors have been discovered in MPlayer:\n Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).\n Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).\n Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-03-13T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31442", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2017-10-29T13:41:53"}, {"id": "FREEBSD_PKG_DE4D4110EBCE11DCAE140016179B2DD5.NASL", "type": "nessus", "title": "FreeBSD : mplayer -- multiple vulnerabilities (de4d4110-ebce-11dc-ae14-0016179b2dd5)", "description": "The Mplayer team reports :\n\nA buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to escape URL strings.\nThe code used to skip over IPv6 addresses can be tricked into leaving a pointer to a temporary buffer with a non-NULL value; this causes the unescape code to reuse the buffer, and may lead to a buffer overflow if the old buffer is smaller than required. A malicious URL string may be used to trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.\n\nA buffer overflow was found in the code used to parse MOV file headers. The code read some values from the file and used them as indexes into as array allocated on the heap without performing any boundary check. A malicious file may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.", "published": "2008-03-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31378", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2017-10-29T13:38:44"}], "openvas": [{"id": "OPENVAS:60533", "type": "openvas", "title": "FreeBSD Ports: libxine", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60533", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-07-02T21:10:12"}, {"id": "OPENVAS:860441", "type": "openvas", "title": "Fedora Update for xine-lib FEDORA-2008-1543", "description": "Check for the Version of xine-lib", "published": "2009-02-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860441", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-07-25T10:56:39"}, {"id": "OPENVAS:830474", "type": "openvas", "title": "Mandriva Update for xine-lib MDVSA-2008:046-1 (xine-lib)", "description": "Check for the Version of xine-lib", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830474", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-07-24T12:56:20"}, {"id": "OPENVAS:1361412562310830468", "type": "openvas", "title": "Mandriva Update for xine-lib MDVSA-2008:046 (xine-lib)", "description": "Check for the Version of xine-lib", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830468", "cvelist": ["CVE-2008-0486"], "lastseen": "2018-04-09T11:39:23"}, {"id": "OPENVAS:830468", "type": "openvas", "title": "Mandriva Update for xine-lib MDVSA-2008:046 (xine-lib)", "description": "Check for the Version of xine-lib", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830468", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-07-24T12:56:21"}, {"id": "OPENVAS:860920", "type": "openvas", "title": "Fedora Update for xine-lib FEDORA-2008-1581", "description": "Check for the Version of xine-lib", "published": "2009-02-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860920", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-07-25T10:56:31"}, {"id": "OPENVAS:1361412562310830474", "type": "openvas", "title": "Mandriva Update for xine-lib MDVSA-2008:046-1 (xine-lib)", "description": "Check for the Version of xine-lib", "published": "2009-04-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830474", "cvelist": ["CVE-2008-0486"], "lastseen": "2018-04-09T11:39:20"}, {"id": "OPENVAS:60449", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200802-12 (xine-lib)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200802-12.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60449", "cvelist": ["CVE-2008-0486", "CVE-2006-1664"], "lastseen": "2017-07-24T12:49:54"}, {"id": "OPENVAS:60519", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200803-16 (mplayer)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-16.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60519", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2017-07-24T12:50:02"}, {"id": "OPENVAS:60658", "type": "openvas", "title": "Debian Security Advisory DSA 1536-1 (xine-lib)", "description": "The remote host is missing an update to xine-lib\nannounced via advisory DSA 1536-1.", "published": "2008-04-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60658", "cvelist": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "lastseen": "2017-07-24T12:49:44"}], "seebug": [{"id": "SSV:2889", "type": "seebug", "title": "MPlayer demux_audio.c\u8fdc\u7a0b\u6808\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 27441\r\nCVE(CAN) ID: CVE-2008-0486\r\n\r\nMPlayer\u662f\u4e00\u6b3e\u57fa\u4e8eLinux\u7684\u5a92\u4f53\u64ad\u653e\u7a0b\u5e8f\uff0c\u652f\u6301\u591a\u79cd\u5a92\u4f53\u683c\u5f0f\u3002\r\n\r\nMPlayer\u7684libmpdemux/demux_audio.c\u6587\u4ef6\u5728\u89e3\u6790FLAC\u6807\u6ce8\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff1a\r\n\r\n/-----------\r\n\r\nlibmpdemux/demux_audio.c\r\n \r\n206 case FLAC_VORBIS_COMMENT:\r\n207 {\r\n208 /* For a description of the format please have a look at */\r\n209 /* http://www.xiph.org/vorbis/doc/v-comment.html */\r\n210\r\n211 uint32_t length, comment_list_len;\r\n212 (1) char comments[blk_len];\r\n213 uint8_t *ptr = comments;\r\n214 char *comment;\r\n215 int cn;\r\n216 char c;\r\n217\r\n218 if (stream_read (s, comments, blk_len) == blk_len)\r\n219 {\r\n220 (2) length = AV_RL32(ptr);\r\n221 ptr += 4 + length;\r\n222\r\n223 comment_list_len = AV_RL32(ptr);\r\n224 ptr += 4;\r\n225\r\n226 cn = 0;\r\n227 for (; cn &lt; comment_list_len; cn++)\r\n228 {\r\n229 length = AV_RL32(ptr);\r\n230 ptr += 4;\r\n231\r\n232 comment = ptr;\r\n233 (3) c = comment[length];\r\n234 comment[length] = 0; ...\r\n\r\n- -----------/\r\n\r\n\u53ef\u89c1\u5728(2)\u5904length\u53c2\u6570\u662f\u4ece\u6587\u4ef6\u6d41\u4e2d\u7684\u4f4d\u7f6e\u52a0\u8f7d\u7684\uff0c\u7136\u540e\u672a\u7ecf\u4efb\u4f55\u9a8c\u8bc1\u4fbf\u5728comment\u7f13\u51b2\u533a\u7d22\u5f15\u4e2d\u4f7f\u7528\uff0c\u8fd9\u53ef\u80fd\u89e6\u53d1\u6808\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\n\nMPlayer MPlayer 1.0 rc2\n \u5382\u5546\u8865\u4e01\uff1a\r\n\r\nMPlayer\r\n-------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/url_fix_20080120.diff</a>\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/demux_mov_fix_20080129.diff</a>\r\n<a href=http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff target=_blank>http://www.mplayerhq.hu/MPlayer/patches/demux_audio_fix_20080129.diff</a>", "published": "2008-02-14T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-2889", "cvelist": ["CVE-2008-0486"], "lastseen": "2017-11-19T21:48:16"}], "gentoo": [{"id": "GLSA-200802-12", "type": "gentoo", "title": "xine-lib: User-assisted execution of arbitrary code", "description": "### Background\n\nxine-lib is the core library package for the xine media player. \n\n### Description\n\nDamian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file() function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). A buffer overflow when parsing ASF headers, which is similar to CVE-2006-1664, has also been discovered (CVE-2008-1110). \n\n### Impact\n\nA remote attacker could entice a user to play specially crafted FLAC or ASF video streams with a player using xine-lib, potentially resulting in the execution of arbitrary code with the privileges of the user running the player. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll xine-lib users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.10.1\"", "published": "2008-02-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200802-12", "cvelist": ["CVE-2008-0486", "CVE-2008-1110", "CVE-2006-1664"], "lastseen": "2016-09-06T19:46:17"}, {"id": "GLSA-200803-16", "type": "gentoo", "title": "MPlayer: Multiple buffer overflows", "description": "### Background\n\nMPlayer is a media player incuding support for a wide range of audio and video formats. \n\n### Description\n\nThe following errors have been discovered in MPlayer: \n\n * Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).\n * Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).\n * Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).\n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll MPlayer users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-video/mplayer-1.0_rc2_p25993\"", "published": "2008-03-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200803-16", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2016-09-06T19:46:01"}], "debian": [{"id": "DSA-1536", "type": "debian", "title": "libxine -- several vulnerabilities", "description": "Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2007-1246](<https://security-tracker.debian.org/tracker/CVE-2007-1246>) / [CVE-2007-1387](<https://security-tracker.debian.org/tracker/CVE-2007-1387>)\n\nThe DMO_VideoDecoder_Open function does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code (applies to sarge only).\n\n * [CVE-2008-0073](<https://security-tracker.debian.org/tracker/CVE-2008-0073>)\n\nArray index error in the sdpplin_parse function allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.\n\n * [CVE-2008-0486](<https://security-tracker.debian.org/tracker/CVE-2008-0486>)\n\nArray index vulnerability in libmpdemux/demux_audio.c might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow (applies to etch only).\n\n * [CVE-2008-1161](<https://security-tracker.debian.org/tracker/CVE-2008-1161>)\n\nBuffer overflow in the Matroska demuxer allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.\n\nFor the old stable distribution (sarge), these problems have been fixed in version 1.0.1-1sarge7.\n\nFor the stable distribution (etch), these problems have been fixed in version 1.1.2+dfsg-6.\n\nFor the unstable distribution (sid), these problems have been fixed in version 1.1.11-1.\n\nWe recommend that you upgrade your xine-lib package.", "published": "2008-03-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1536", "cvelist": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2007-1246", "CVE-2008-1161", "CVE-2007-1387"], "lastseen": "2016-09-02T18:34:57"}, {"id": "DSA-1496", "type": "debian", "title": "mplayer -- buffer overflows", "description": "Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2008-0485](<https://security-tracker.debian.org/tracker/CVE-2008-0485>)\n\nFelipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.\n\n * [CVE-2008-0486](<https://security-tracker.debian.org/tracker/CVE-2008-0486>)\n\nReimar Doeffinger discovered a buffer overflow in the FLAC header parsing.\n\n * [CVE-2008-0629](<https://security-tracker.debian.org/tracker/CVE-2008-0629>)\n\nAdam Bozanich discovered a buffer overflow in the CDDB access code.\n\n * [CVE-2008-0630](<https://security-tracker.debian.org/tracker/CVE-2008-0630>)\n\nAdam Bozanich discovered a buffer overflow in URL parsing.\n\nThe old stable distribution (sarge) doesn't contain mplayer.\n\nFor the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.\n\nWe recommend that you upgrade your mplayer packages.", "published": "2008-02-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1496", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2016-09-02T18:19:43"}], "freebsd": [{"id": "DE4D4110-EBCE-11DC-AE14-0016179B2DD5", "type": "freebsd", "title": "mplayer -- multiple vulnerabilities", "description": "\nThe Mplayer team reports:\n\nA buffer overflow was found in the code used to extract album\n\t titles from CDDB server answers. When parsing answers from the\n\t CDDB server, the album title is copied into a fixed-size buffer\n\t with insufficient size checks, which may cause a buffer overflow.\n\t A malicious database entry could trigger a buffer overflow in the\n\t program. That can lead to arbitrary code execution with the UID of\n\t the user running MPlayer.\nA buffer overflow was found in the code used to escape URL\n\t strings. The code used to skip over IPv6 addresses can be tricked\n\t into leaving a pointer to a temporary buffer with a non-NULL value;\n\t this causes the unescape code to reuse the buffer, and may lead to\n\t a buffer overflow if the old buffer is smaller than required.\n\t A malicious URL string may be used to trigger a buffer overflow in\n\t the program, that can lead to arbitrary code execution with the UID\n\t of the user running MPlayer.\nA buffer overflow was found in the code used to parse MOV file\n\t headers. The code read some values from the file and used them as\n\t indexes into as array allocated on the heap without performing any\n\t boundary check. A malicious file may be used to trigger a buffer\n\t overflow in the program. That can lead to arbitrary code execution\n\t with the UID of the user running MPlayer.\n\n", "published": "2008-02-05T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html", "cvelist": ["CVE-2008-0486", "CVE-2008-0630", "CVE-2008-0485", "CVE-2008-0629"], "lastseen": "2016-09-26T17:24:58"}], "ubuntu": [{"id": "USN-635-1", "type": "ubuntu", "title": "xine-lib vulnerabilities", "description": "Alin Rad Pop discovered an array index vulnerability in the SDP parser. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0073)\n\nLuigi Auriemma discovered that xine-lib did not properly check buffer sizes in the RTSP header-handling code. If xine-lib opened an RTSP stream with crafted SDP attributes, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0225, CVE-2008-0238)\n\nDamian Frizza and Alfredo Ortega discovered that xine-lib did not properly validate FLAC tags. If a user or automated system were tricked into opening a crafted FLAC file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-0486)\n\nIt was discovered that the ASF demuxer in xine-lib did not properly check the length if the ASF header. If a user or automated system were tricked into opening a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1110)\n\nIt was discovered that the Matroska demuxer in xine-lib did not properly verify frame sizes. If xine-lib opened a crafted ASF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1161)\n\nLuigi Auriemma discovered multiple integer overflows in xine-lib. If a user or automated system were tricked into opening a crafted FLV, MOV, RM, MVE, MKV or CAK file, a remote attacker may be able to execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-1482)\n\nIt was discovered that xine-lib did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1686)\n\nGuido Landi discovered a stack-based buffer overflow in xine-lib when processing NSF files. If xine-lib opened a specially crafted NSF file with a long NSF title, an attacker could create a denial of service or possibly execute arbitrary code as the user invoking the program. (CVE-2008-1878)", "published": "2008-08-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/635-1/", "cvelist": ["CVE-2008-0073", "CVE-2008-0486", "CVE-2008-0238", "CVE-2008-1110", "CVE-2008-1878", "CVE-2008-1686", "CVE-2008-0225", "CVE-2008-1161", "CVE-2008-1482"], "lastseen": "2018-03-29T18:20:23"}]}}