MPlayer SAMI Subtitle File Overflow

2011-09-07T00:00:00
ID SAINT:C5AD76E0FF47FFF411031AC6237935D5
Type saint
Reporter SAINT Corporation
Modified 2011-09-07T00:00:00

Description

Added: 09/07/2011
BID: 49149
OSVDB: 74604

Background

MPlayer is an open source media player with support for many operating systems.

Problem

MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange (SAMI) caption files. If a video references a malformed SAMI file, it may trigger a stack overflow.

Resolution

While no official updated binary release has been made, the issue has been corrected in the SVN sourcecode repository as of r33471. Please rebuild MPlayer from source using r33471 or later.

References

<http://mplayerhq.hu/pipermail/mplayer-cvslog/2011-May/042075.html>
<http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf>

Limitations

This exploit has been tested against MPlayer Project SMPlayer 0.6.9 on Windows XP SP3 English (DEP OptIn) with KB959426.

Platforms

Windows