| Summary: | MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matt <jackdachef> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://trapkit.de/advisories/TKADV2008-014.txt | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
*** This bug has been marked as a duplicate of bug 251017 *** |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability Advisory ID: TKADV2008-014 Revision: 1.0 Release Date: 2008/12/14 Last Modified: 2008/12/14 Date Reported: 2008/12/07 Author: Tobias Klein (tk at trapkit.de) Affected Software: MPlayer 1.0rc2 < r28150 and MPlayer SVN trunk < r28149 Remotely Exploitable: Yes Locally Exploitable: No Vendor URL: http://www.mplayerhq.hu Vendor Status: Vendor has released an updated version Patch development time: 8 days ====================== Vulnerability Details: ====================== MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer.