
Bug 46346

Summary: mplayer: Exploitable remote buffer overflow vulnerability in the HTTP parser
Product: Gentoo Security
Reporter: Andreas Simon <andreas.w.simon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://www.mplayerhq.hu/homepage/design6/news.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Andreas Simon 2004-03-31 04:33:48 UTC
Today a security vulnerability for mplayer was reported:

Security Advisories:
http://www.mplayerhq.hu/homepage/design6/news.html
http://www.securityfocus.com/archive/1/359025


Severity:
HIGH (if playing HTTP streaming content)
LOW (if playing only normal files)

Description:
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.

MPlayer versions affected:
MPlayer 0.90pre series
MPlayer 0.90rc series
MPlayer 0.90
MPlayer 0.91
MPlayer 1.0pre1
MPlayer 1.0pre2
MPlayer 1.0pre3

MPlayer versions unaffected:
MPlayer releases before 0.60pre1
MPlayer 0.92.1
MPlayer 1.0pre3try2
MPlayer 0_92 CVS
MPlayer HEAD CVS

Notification status:
Developers were notified on 2004.03.29 (by "blexim")
Fix was committed into HEAD CVS at 2004.03.30 12:58:43 CEST
MPlayer 0.92.1 (vuln-fix-only release) was released on 2003.03.30 16:45:00 CEST
MPlayer 1.0pre3try2 (vuln-fix-only release) was released on 2003.03.30 16:51:00 CEST

Patch availability:
A patch is available for all vulnerable versions here.
http://www.mplayerhq.hu/MPlayer/patches/vuln02-fix.diff

Suggested upgrading methods:
MPlayer 1.0pre3 users should upgrade to latest CVS
MPlayer 0.92 (and below) users should upgrade to 0.92.1 OR latest CVS
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-03-31 04:35:44 UTC

*** This bug has been marked as a duplicate of 46246 ***