Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#6596 - Warning on mplayer
Attached to Project:
Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Wednesday, 14 March 2007, 14:19 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 08 April 2007, 07:31 GMT
Opened by DaNiMoTh (DaNiMoTh) - Wednesday, 14 March 2007, 14:19 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 08 April 2007, 07:31 GMT
|
Details- ------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#15 - ------------------------------------------------------------ Name: mplayer Date: 2007-03-09 Severity: Normal Warning #: 2007-#15 - ------------------------------------------------------------ Product Background =================== A movie player for linux Problem Background =================== The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier does not set the biSize before use in a memcpy. Impact ====== This problem allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code. Problem Packages =================== Package: mplayer Repo: extra Group: multimedia Unsafe: <= 1.0rc1-4 Safe: Only patched Package Fix =================== Patch mplayer with this patch ( from SVN repo ): http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204&view=patch This is commit: http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204 And its comment: Precent overflow of this->m_sVhdr->bmiHeader buffer, may have been exploitable. Reference(s) =================== http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246 |
This task depends upon