-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------
Arch Linux Security Warning        ALSW 2007-#15
- ------------------------------------------------------------

Name:      mplayer
Date:      2007-03-09
Severity:  Normal
Warning #: 2007-#15

- ------------------------------------------------------------

Product Background
===================
A movie player for Linux

Problem Background
===================
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c
in MPlayer 1.0rc1 and earlier does not set the biSize before use in a
memcpy.

Impact
======
This problem allows user-assisted remote attackers to cause a buffer
overflow and possibly execute arbitrary code.
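
The bug class described above, as an added example that is not MPlayer's
code and not part of the original advisory. The hdr_t layout and both
function names are hypothetical, and host byte order is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified 40-byte stand-in for a BITMAPINFOHEADER-style header
 * (hypothetical layout, host byte order assumed). */
typedef struct {
    uint32_t biSize;   /* self-declared header size, read from the media file */
    int32_t  biWidth;
    int32_t  biHeight;
    uint8_t  rest[28];
} hdr_t;

/* Unsafe pattern, for contrast: the buffer is sized from the struct but
 * the copy length is the untrusted field, so biSize > 40 overruns dst. */
hdr_t *clone_header_unsafe(const hdr_t *src) {
    hdr_t *dst = malloc(sizeof *dst);
    if (dst) memcpy(dst, src, src->biSize);
    return dst;
}

/* Hardened pattern: derive one validated length, allocate and copy with
 * it, then store it in the field so later code cannot reuse the raw value. */
hdr_t *clone_header_checked(const void *src, size_t src_len, size_t *out_len) {
    uint32_t declared;
    if (src_len < sizeof(hdr_t)) return NULL;       /* truncated input */
    memcpy(&declared, src, sizeof declared);
    size_t n = declared < sizeof(hdr_t) ? sizeof(hdr_t) : declared;
    if (n > src_len) return NULL;                   /* claims more than supplied */
    hdr_t *dst = calloc(1, n);
    if (!dst) return NULL;
    memcpy(dst, src, n);
    dst->biSize = (uint32_t)n;                      /* field matches allocation */
    if (out_len) *out_len = n;
    return dst;
}

int main(void) {
    unsigned char file[64] = {0};                   /* constructed sample input */
    uint32_t claimed = 4096;                        /* oversized declared length */
    memcpy(file, &claimed, sizeof claimed);
    hdr_t *h = clone_header_checked(file, sizeof file, NULL);
    printf("oversized header %s\n", h ? "accepted" : "rejected");
    free(h);
    return 0;
}
```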

Problem Packages
===================
- ------------------------------------------------------------------
Package       |   Repo    |   Group    |   Unsafe   |    Safe    |
- ------------------------------------------------------------------
mplayer       |   extra   | multimedia |<= 1.0rc1-4 |Only patched|

Package Fix
===================

Patch mplayer with this patch (from the SVN repo):
http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204&view=patch

This is the commit:
http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204
And its comment:
Prevent overflow of this->m_sVhdr->bmiHeader buffer, may have been
exploitable.

====================

Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html
where I will summarize all warnings.
I am trying to make a place where we, members of the community, can talk
about these:
http://jjdanimoth.netsons.org/flyspray/

I'm away from 10-03-2007 to 15-03-2007. I hope that community members
continue to open new security bugs in my absence  ;)
(Use my unofficial security tracker while waiting for an official
response from the devs.)
Thank you.

Reference(s)
===================

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246

Contact
==================
JJDaNiMoTh < jjdanimoth AT gmail DOT com >
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF8YW0cJj0HNhER0MRApS0AJ9U//Wu6vgid6x3h9oK2NlCv6FyygCcCO8l
ooJvh+dCv9o4KpfSOncBiTc=
=Mrjo
-----END PGP SIGNATURE-----