| Summary: | media-video/mplayer<=1.0_rc2_p28058-r1 (CVE-2007-6718,CVE-2008-4610) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | jaak, media-video |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2008/10/07/1 | | |
| Whiteboard: | A2? [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Stefan Behte (RETIRED)
2009-01-04 01:57:25 UTC
Name: CVE-2007-6718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6718
Published: 2008-10-20
Severity: Medium
Description: MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.

I don't think anyone claimed anything more than a crash on these issues yet. Upstream has patches for few issues, but some are unconfirmed or not followed up on:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407010
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616

It's unclear if code execution is possible; these bugs were found by fuzzing and not examined closely. Hanno also labeled this "crashers / potential security risks in mplayer".

There is no <=media-video/mplayer-1.0_rc2_p28058-r1 in portage any more.

From what I can tell looking at the ffmpeg changelog included in our stable mplayer, the bundled version is more recent than ffmpeg 0.6, which is more recent than the fixed version listed in the original third-party advisory at [1], which states:

Upgrade to FFmpeg SVN trunk >= revision 16846

[1] http://www.trapkit.de/advisories/TKADV2009-004.txt

Moving this to [glsa] and please comment if you disagree with the above (not so stellar) analysis.

Will GLSA with other mplayer issues.

This issue was resolved and addressed in GLSA 201310-13 at http://security.gentoo.org/glsa/glsa-201310-13.xml by GLSA coordinator Sean Amoss (ackle).