Summary: | media-video/mplayer DMO buffer overflow (CVE-2007-1246) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Executioner <keith> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://seclists.org/fulldisclosure/2007/Mar/0002.html | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Executioner
2007-03-01 18:10:43 UTC
"This got fixed [1] in trunk two weeks ago." If anyone wants to find the patch, that'd be great.

This looks like the patch: http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c?r1=22019&r2=22204

I'm thinking about adding a snapshot of ffmpeg and mplayer in the weekend.

I doubt this whole thing. Line 134 allocates memory based upon the value in bihs. Due to lines 119 and 120, this value should be ok (actually, a bit larger than format->biSize due to line 134). I see no way how format->biSize can be larger than the allocated memory. Comments?

According to http://secunia.com/advisories/24444/, this bug is now fixed in the SVN repository (CVE-2007-1246).

Luca or video-team, any news on this?

(In reply to comment #6)
> Luca or video-team any news on this?
>
It's a work in progress.

Is it just me or is this a dupe of #170208?

(In reply to comment #8)
> Is it just me or is this a dupe of #170208
>
Same origin, but mplayer is still vulnerable.

Video team, is your work going well?

Media-video, any news on this one?

Finally fixed the naming scheme, mplayer-1.0.20070321 is our security fix.

Thx Beandog. Arches please test and mark stable. Target keywords are:
mplayer-1.0.20070321.ebuild:KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"

ia64 + x86 stable

26 Apr 2007; Steve Dibb <beandog@gentoo.org> mplayer-1.0.20070321.ebuild: amd64 stable

sparc stable.

ppc64 stable

Stable on Alpha.

Stable for HPPA.

ppc stable

200705-21 is out, thanks everybody