| Summary: | A remotely exploitable buffer overflow vulnerability was found in MPlayer. | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Svein <svein> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | major | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.mplayerhq.hu/homepage/design6/news.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Since nobody have reported it yet. Here it is: A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header. MPlayer versions affected: MPlayer 0.90pre series MPlayer 0.90rc series MPlayer 0.90 MPlayer 0.91 MPlayer 1.0pre1 MPlayer 1.0pre2 MPlayer 1.0pre3 Reproducible: Always Steps to Reproduce: 1. 2. 3. Patch from mplayerhq.hu: diff -u -r1.17 -r1.18 --- http.c 13 Nov 2002 09:02:55 -0000 1.17 +++ http.c 30 Mar 2004 10:58:41 -0000 1.18 @@ -175,7 +175,7 @@ if( http_hdr->method==NULL ) http_set_method( http_hdr, "GET"); if( http_hdr->uri==NULL ) http_set_uri( http_hdr, "/"); else { - uri = (char*)malloc(strlen(http_hdr->uri)*2); + uri = (char*)malloc((strlen(http_hdr->uri)*3) + 1); if( uri==NULL ) { mp_msg(MSGT_NETWORK,MSGL_ERR,"Memory allocation failed\n"); return NULL;