ID: SECURITYVULNS:DOC:18110
Type: securityvulns
Reporter: Securityvulns
Modified: 2007-10-04T00:00:00

Description
Mandriva Linux Security Advisory MDKSA-2007:192
http://www.mandriva.com/security/
Package : mplayer
Date : October 1, 2007
Affected: 2007.0, 2007.1
Problem Description:
A heap-based buffer overflow was found in MPlayer's AVI handling
that could allow a remote attacker to cause a denial of service or
possibly execute arbitrary code via a crafted .avi file.
Updated packages have been patched to prevent this issue.
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938

Updated Packages:
Mandriva Linux 2007.0: 1.0-1.pre8.13.5mdv2007.0 (libdha1.0 on i586 only, mencoder, mplayer, mplayer-gui; i586 and x86_64)
Mandriva Linux 2007.1: 1.0-1.rc1.11.3mdv2007.1 (libdha1.0 on i586 only, mencoder, mplayer, mplayer-doc, mplayer-gui; i586 and x86_64)

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

Record details:
Title: [ MDKSA-2007:192 ] - Updated mplayer packages fix vulnerability
Published: 2007-10-04T00:00:00
CVSS: 7.6 (AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/)
CVE: CVE-2007-4938
Link: https://vulners.com/securityvulns/SECURITYVULNS:DOC:18110

Related records:

CVE-2007-4938 (NVD, CWE-119, published 2007-09-18, CVSS v2 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C)
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4938

EDB-ID:30578 (Exploit-DB, published 2007-09-12)
MPlayer 1.0 AVIHeader.C Heap Based Buffer Overflow Vulnerability. Dos exploit for linux platform.
source: http://www.securityfocus.com/bid/25648/info
MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data.
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions.
MPlayer 1.0rc1 is vulnerable; other versions may also be affected.
NOTE: The vendor states that this issue is present only on operating systems with a 'calloc' implementation that is prone to an integer-overflow issue.
The following proof-of-concept AVI header data is available:
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10
indx truck size 0xffffff00
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020
https://www.exploit-db.com/exploits/30578/

OPENVAS:830179 and OPENVAS:1361412562310830179 (OpenVAS, published 2009-04-09)
Mandriva Update for mplayer MDKSA-2007:192 (mplayer). Check for the Version of mplayer. Both plugins compare the installed libdha1.0, mencoder, mplayer, mplayer-doc and mplayer-gui RPMs against the updated package versions for MNDK_2007.0 and MNDK_2007.1.
http://plugins.openvas.org/nasl.php?oid=830179
http://plugins.openvas.org/nasl.php?oid=1361412562310830179

SECURITYVULNS:VULN:8209 (securityvulns, published 2007-10-04)
MPlayer buffer overflow. Buffer overflow on AVI files parsing.
https://vulners.com/securityvulns/SECURITYVULNS:VULN:8209

MANDRAKE_MDKSA-2007-192.NASL (Nessus plugin 26902, published 2007-10-03)
Mandrake Linux Security Advisory : mplayer (MDKSA-2007:192). Checks rpm output for the updated packages. The plugin lists CVE-2006-1502, CVE-2007-4938 and CVE-2007-6718.
https://www.tenable.com/plugins/nessus/26902