Public bug reported: Binary package hint: mplayer
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. I finally located a patch at http://cvs.mandriva.com/cgi- bin/viewvc.cgi/SPECS/mplayer/mplayer-1.0pre7-CVE-2006-1502.patch?revision=1.1.2.1&view=markup&pathrev=r1_0-1_pre7_12_3_20060mdk. ** Affects: mplayer (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: mplayer (Ubuntu Dapper) Importance: Undecided Assignee: William Grant (fujitsu) Status: In Progress ** Visibility changed to: Public ** Changed in: mplayer (Ubuntu) Status: New => Fix Released ** Changed in: mplayer (Ubuntu Dapper) Assignee: (unassigned) => William Grant (fujitsu) Status: New => In Progress -- CVE-2006-1502: Multiple integer overflows in asfheader.c https://bugs.launchpad.net/bugs/163293 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
