
Bug 257381

Summary: media-video/mplayer <1.0_rc2_p28450 type conversion vulnerability in libavformat/4xm.c
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: media-video
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.trapkit.de/advisories/TKADV2009-004.txt
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 257217    
Bug Blocks:    

Description Robert Buchholz (RETIRED) gentoo-dev 2009-02-02 13:01:35 UTC
+++ This bug was initially created as a clone of Bug #257217 +++

From the advisory:
FFmpeg contains a type conversion vulnerability while parsing malformed 4X 
movie files. The vulnerability may be exploited by a (remote) attacker to 
execute arbitrary code in the context of FFmpeg or an application using 
the FFmpeg library.

Upstream has fixed this in svn r16846; I haven't found a release yet.
Comment 1 Steve Dibb (RETIRED) gentoo-dev 2009-02-03 06:13:39 UTC
mplayer-1.0_rc2_p28450 in the tree
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-02-04 14:26:49 UTC
Arches, please test and mark stable:
=media-video/mplayer-1.0_rc2_p28450
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 3 Brent Baude (RETIRED) gentoo-dev 2009-02-04 20:14:57 UTC
ppc64
Comment 4 Markus Meier gentoo-dev 2009-02-04 21:39:01 UTC
amd64/x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2009-02-05 02:35:41 UTC
Stable for HPPA.
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-02-07 15:26:33 UTC
Stable on alpha.
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2009-02-09 14:30:11 UTC
ia64/sparc stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2009-02-11 17:11:23 UTC
ppc stable
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-20 08:32:59 UTC
GLSA 200903-33