-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------ Arch Linux Security Warning ALSW 2007-#15 - ------------------------------------------------------------
Name: mplayer Date: 2007-03-09 Severity: Normal Warning #: 2007-#15 - ------------------------------------------------------------ Product Background =================== A movie player for linux Problem Background =================== The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy. Impact ====== This problem allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code. Problem Packages =================== - ------------------------------------------------------------------ Package | Repo | Group | Unsafe | Safe | - ------------------------------------------------------------------ mplayer extra multimedia <= 1.0rc1-4 Only patched Package Fix =================== Patch mplayer with this patch ( from SVN repo ): http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204&view=patch This is commit: http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204 And its comment: Precent overflow of this->m_sVhdr->bmiHeader buffer, may have been exploitable. ==================== Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html where I will summarize all warning. I try to make a place where we, members of community, can talk about these: http://jjdanimoth.netsons.org/flyspray/ I'm away from 10-03-2007 to 15-03-2007. I hope that community members continues to open new security bug in my absence ;) (Use my unofficial security tracker, waiting official response from devs ). Thank you. Reference(s) =================== http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 Contact ================== JJDaNiMoTh < jjdanimoth AT gmail DOT com > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF8YW0cJj0HNhER0MRApS0AJ9U//Wu6vgid6x3h9oK2NlCv6FyygCcCO8l ooJvh+dCv9o4KpfSOncBiTc= =Mrjo -----END PGP SIGNATURE----- _______________________________________________ arch mailing list arch@archlinux.org http://www.archlinux.org/mailman/listinfo/arch