Mplayer High Severity Buffer Overflow

Anonymous via Panta Rhei anonymous at panta-rhei.eu.org
Sun Feb 10 06:52:16 UTC 2008


Is a fix for MPlayer in Gutsy being worked on?



http://www.mplayerhq.hu/design7/news.html



"2008-01-30, Wednesday :: buffer overflow in stream_cddb.c 

posted by Roberto 

Summary

A buffer overflow was found and reported by Adam Bozanich of Musecurity in the code used to extract album titles from CDDB server answers. 

When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer. 

Severity

High (arbitrary code execution under the user ID running the player) when getting disk information from a malicious CDDB entry, null if you do not use this feature. Please note that it is possible to overwrite entries in the CDDB database, so an attack can also be performed via a non-compromised server. At the time the buffer overflow was fixed there was no known exploit in the wild. 

Solution

A fix for this problem was committed to SVN on Sun Jan 20 20:58:02 2008 UTC as r25824. Users of affected MPlayer versions should download a patch for MPlayer 1.0rc2 or update to the latest version if they are using SVN. 

Affected versions

MPlayer 1.0rc2 and SVN before r25824 (Sun Jan 20 20:58:02 2008 UTC). Older versions are probably affected, but they were not checked."
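
The advisory quoted above describes an album title from a CDDB answer being copied into a fixed-size buffer with insufficient size checks. As an added example (not part of the original post, and not MPlayer's code or its r25824 patch), this is a length-checked copy in C that rejects an oversized title. The function name `cddb_copy_title`, the 100-byte buffer and the sample response line are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 100  /* assumed buffer size for this example, not MPlayer's */

/* Hypothetical helper: copy the title part of a CDDB exact-match line
 * ("200 <category> <discid> <title>") into dst, which holds dst_size bytes.
 * Returns 0 on success, -1 on malformed input, -2 if the title does not fit. */
int cddb_copy_title(const char *line, char *dst, size_t dst_size)
{
    const char *p = line;
    size_t len;
    int field;

    if (!line || !dst || dst_size == 0)
        return -1;
    dst[0] = '\0';

    /* Skip three space-separated fields: status code, category, disc id. */
    for (field = 0; field < 3; field++) {
        p = strchr(p, ' ');
        if (!p)
            return -1;
        while (*p == ' ')
            p++;
    }

    /* The title runs to the end of the line (server lines end in CR LF). */
    len = strcspn(p, "\r\n");
    if (len == 0)
        return -1;
    if (len >= dst_size)   /* no room for title plus NUL: reject, do not copy */
        return -2;
    memcpy(dst, p, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char title[TITLE_MAX];
    /* Constructed sample response line, not captured from a real server. */
    const char *line = "200 rock a1b2c3d4 Some Artist / Some Album\r\n";
    int rc = cddb_copy_title(line, title, sizeof title);

    printf("rc=%d title=\"%s\"\n", rc, title);
    return 0;
}
```

The length of the server-supplied field is measured before any byte is written, so a database entry of any size cannot write past the destination buffer.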




