Bug 253649 (CVE-2007-6718) - media-video/mplayer<=1.0_rc2_p28058-r1 (CVE-2007-6718,CVE-2008-4610)
Summary: media-video/mplayer<=1.0_rc2_p28058-r1 (CVE-2007-6718,CVE-2008-4610)
Status: RESOLVED FIXED
Alias: CVE-2007-6718
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2? [glsa]
Reported: 2009-01-04 01:57 UTC by Stefan Behte (RETIRED)
Modified: 2013-10-25 19:17 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 01:57:25 UTC
CVE-2008-4610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4610):
  MPlayer allows remote attackers to cause a denial of service
  (application crash) via (1) a malformed AAC file, as demonstrated by
  lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated
  by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 02:01:17 UTC
Name:      CVE-2007-6718
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6718
Published: 2008-10-20
Severity:  Medium
Description:

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of
service (SIGSEGV and application crash) via (1) a malformed MP3 file,
as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as
demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as
demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as
demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as
demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as
demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as
demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as
demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as
demonstrated by lol-mplayer.aac.  NOTE: vector 5 might overlap
CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-01-04 15:20:25 UTC
I don't think anyone claimed anything more than a crash on these issues yet.

Upstream has patches for few issues, but some are unconfirmed or not followed up on:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 16:26:40 UTC
It's unclear if code execution is possible; these bugs were found by fuzzing and not examined closely. Hanno also labeled this "crashers / potential security risks in mplayer".
Comment 4 Jaak Ristioja 2010-07-23 08:30:57 UTC
There is no <=media-video/mplayer-1.0_rc2_p28058-r1 in portage any more.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-10-14 03:39:28 UTC
From what I can tell looking at the ffmpeg changelog included in our stable mplayer, the bundled version is more recent than ffmpeg 0.6, which is more recent than the fixed version listed in the original third-party advisory at [1], which states:

 Upgrade to FFmpeg SVN trunk >= revision 16846

[1] http://www.trapkit.de/advisories/TKADV2009-004.txt

Moving this to [glsa] and please comment if you disagree with the above (not so stellar) analysis. Will GLSA with other mplayer issues.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:17:00 UTC
This issue was resolved and addressed in
 GLSA 201310-13 at http://security.gentoo.org/glsa/glsa-201310-13.xml
by GLSA coordinator Sean Amoss (ackle).