Gentoo FoundationGLSA-200803-16MPlayer: Multiple buffer overflows
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.207 Low
EPSS
Percentile
96.4%
Background
MPlayer is a media player incuding support for a wide range of audio and video formats.
Description
The following errors have been discovered in MPlayer:
- Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).
- Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).
- Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).
Impact
A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.
Workaround
There is no known workaround at this time.
Resolution
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p25993"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | media-video/mplayer | <Β 1.0_rc2_p25993 | UNKNOWN |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.207 Low
EPSS
Percentile
96.4%