CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities
Code Audit Labs (http://www.vulnhunt.com) audited the code of some popular
media players and discovered some vulnerabilities.
One heap overflow was discovered in MPlayer.
One heap overflow and one integer overflow were
* Code Audit Labs:
> That's funny, the above code can still be bypassed because of
> incorrect check order.
>
> and example code
> calloc(0x1001, 0x10);
>
> it will return NULL in winxp or glibc 2.5
> it will return 0x10 sizes heap in glibc <2.5 (maybe prior) or
> win2000 s
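
The allocator-dependent behaviour described in the quoted reply can be avoided by checking the multiplication before allocating. The following is an added example, not code from the advisory or from any affected player. The function names are hypothetical, and the count 0x10000001 is a constructed value chosen so that the 32-bit product wraps to 0x10.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size an allocator computes if it multiplies in 32 bits without any
 * overflow check: the product silently wraps modulo 2^32. */
static uint32_t wrapped_size32(uint32_t nmemb, uint32_t size)
{
    return nmemb * size;
}

/* Check order matters: validate the operands BEFORE multiplying.
 * Testing the product afterwards is too late, it has already wrapped.
 * Returns 1 and stores the product on success, 0 on overflow. */
static int checked_mul32(uint32_t nmemb, uint32_t size, uint32_t *out)
{
    if (size != 0 && nmemb > UINT32_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Hypothetical wrapper for a parser that sizes a table from a count read
 * out of a file header. It refuses a wrapping request itself, so the
 * result does not depend on which libc or OS allocator is underneath. */
static void *alloc_entries(uint32_t nmemb, uint32_t size)
{
    uint32_t total;

    if (!checked_mul32(nmemb, size, &total) || total == 0)
        return NULL;
    return calloc(1, total);
}

int main(void)
{
    uint32_t count = 0x10000001u;   /* constructed, attacker-style count */
    void *p;

    printf("unchecked 32-bit size: 0x%x\n",
           (unsigned)wrapped_size32(count, 0x10u));   /* wraps to 0x10 */
    p = alloc_entries(count, 0x10u);
    printf("checked wrapper: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```
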