MPlayer GUI TranslateFilename Overflow

2004-06-27T06:59:59
ID OSVDB:7282
Type osvdb
Reporter c0ntex(c0ntex@open-security.org)
Modified 2004-06-27T06:59:59

Description

Vulnerability Description

An overflow exists in the TranslateFilename function in Gui/mplayer/common.c of MPlayer. MPlayer fails to verify the lengh of the guiIntfStruct.Filename variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Upgrade to version in cvs, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: apply the patch in the original advisory or recompile MPlayer without GUI support.

Short Description

An overflow exists in the TranslateFilename function in Gui/mplayer/common.c of MPlayer. MPlayer fails to verify the lengh of the guiIntfStruct.Filename variable resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Vendor URL: http://www.mplayerhq.hu Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11945 Secunia Advisory ID:12102 Other Advisory URL: http://www.open-security.org/advisories/5 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0433.html ISS X-Force ID: 16532 Generic Exploit URL: http://www.open-security.org/advisories/5 CVE-2004-0659