GLSA-200705-21 : MPlayer: Two buffer overflows

The remote host is affected by the vulnerability described in GLSA-200705-21 MPlayer: Two buffer overflows A buffer overflow has been reported in the DMOVideoDecoderOpen function in file loader/dmo/DMOVideoDecoder.c. Another buffer overflow has been reported in the DSVideoDecoderOpen function in...

MPlayer: Two buffer overflows

Background MPlayer is a media player incuding support for a wide range of audio and video formats. Description A buffer overflow has been reported in the DMOVideoDecoderOpen function in file loader/dmo/DMOVideoDecoder.c. Another buffer overflow has been reported in the DSVideoDecoderOpen function...

mplayer-overflow.txt

There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It's hidden in the function DMOVideoDecoder in the file loader/dmo/DMOVideoDecoder.c. The variable format-biSize gets its value directly from the video...

CVE-2007-1246

The DMOVideoDecoderOpen function in loader/dmo/DMOVideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerabilit...

CVE-2007-1246

The CVE-2007-1246 issue affects MPlayer prior to/including 1.0rc1 (as used in xine-lib). The vulnerability resides in DMO_VideoDecoder_Open (loader/dmo/DMO_VideoDecoder.c) where biSize is not set before a memcpy, enabling a user‑assisted remote attacker to trigger a buffer overflow and potentiall...