Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 231836 - media-video/mplayer < 1.0_rc2_p27725 FFmpeg psxstr.c Buffer overflow (CVE-2008-3162)
Summary: media-video/mplayer < 1.0_rc2_p27725 FFmpeg psxstr.c Buffer overflow (CVE-200...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2008-3162 241110
Blocks:
  Show dependency tree
 
Reported: 2008-07-15 03:32 UTC by Robert Buchholz (RETIRED)
Modified: 2009-01-12 19:50 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
mplayer-1.0_rc2_p26753-CVE-2008-3162.patch (mplayer-1.0_rc2_p26753-CVE-2008-3162.patch,2.92 KB, patch)
2008-07-15 03:33 UTC, Robert Buchholz (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-07-15 03:32:58 UTC
+++ This bug was initially created as a clone of Bug #231831 +++

CVE-2008-3162 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3162):
  Stack-based buffer overflow in the str_read_packet function in
  libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause
  a denial of service (application crash) or execute arbitrary code via a
  crafted STR file that interleaves audio and video sectors.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-07-15 03:33:22 UTC
Created attachment 160415 [details, diff]
mplayer-1.0_rc2_p26753-CVE-2008-3162.patch
Comment 2 Steve Dibb (RETIRED) gentoo-dev 2008-10-07 01:57:21 UTC
mplayer-1.0_rc2_p27725 in the tree
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-10-09 21:53:00 UTC
(In reply to comment #2)
> mplayer-1.0_rc2_p27725 in the tree
> 

Some ~arch keywords are missing, is that intentional?
Comment 4 Steve Dibb (RETIRED) gentoo-dev 2008-10-10 13:12:57 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > mplayer-1.0_rc2_p27725 in the tree
> > 
> 
> Some ~arch keywords are missing, is that intentional?
> 

No, that was a bit of a keyword snafoo on my part.  See bug 241110
Comment 5 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-19 09:51:08 UTC
Stabling is handled in bug 239130.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-11-29 14:08:42 UTC
request filed
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2009-01-12 19:50:53 UTC
GLSA 200901-07. Thanks everyone, sorry about the delay.