On Wed, Dec 13, 2006 at 04:00:02PM +0100, Pierre Habouzit wrote:
> Package: mplayer
> Version: 1.0~rc1-2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> While playing http://madism.org/~madcoder/pub/foobar.mpeg mplayer
> segfaults, somewhere in mpeg2_idct_copy_mmx.
>
> xine and vlc that use debian libmpeg2 instead do not segfault.
>
>
> I'm not 100% sure it's a security problem, but it's very likely.

My opinion so far is that this is not a security problem.

This is my feeling: it may be that the mpeg stream does not contain proper motion-compensate data, or an I frame; libmpcodecs/vd_libmpeg2.c does not detect this, and tries to motion-compensate, and fails.

This then would not be a possible path for attack: there is no memory or stack that may be overflowed here (but rather there is allocated memory that is then not initialized).

a.

--
Andrea Mennucc
"The EULA sounds like it was written by a team of lawyers who want to tell me what I can't do, and the GPL sounds like it was written by a human being who wants me to know what I can do."
Anonymous, http://www.securityfocus.com/columnists/420