Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 122029 - media-video/mplayer ASF File Parsing Integer Overflow (CAN-2006-0579)
Summary: media-video/mplayer ASF File Parsing Integer Overflow (CAN-2006-0579)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/18718/
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-07 12:48 UTC by Sune Kloppenborg Jeppesen
Modified: 2008-01-14 22:07 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2006-02-07 12:48:52 UTC
AFI Security Research has discovered two vulnerabilities in mplayer, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
 
 Integer overflow errors exist in the "new_demux_packet()" function in "libmpdemux/demuxer.h" and the "demux_asf_read_packet()" function in "libmpdemux/demux_asf.c" when allocating memory to copy data from an ".asf" file. This can be exploited to cause heap-based buffer overflows via a specially crafted ".asf" file with an overly large value in the packet length field. 
 
 The vulnerabilities have been confirmed in version 1.0pre7try2. Other versions may also be affected.

Solution:
Do not open untrusted ".asf" files.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-02-11 13:56:54 UTC
Waiting for upstream patch...
Comment 2 Reimar Döffinger 2006-02-12 01:43:31 UTC
Please avoid saying ".asf", it sounds like you mean the extension, but what matters here is that it is ASF file format - nobody cares about the extension.
And maybe this: http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r1=1.87&r2=1.88
already fixes it.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-02-12 11:00:20 UTC
Should be bundled with bug 115760
Comment 4 Reimar Döffinger 2006-02-13 08:41:37 UTC
This would be the current version of that patch:
http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/main/libmpdemux/demuxer.h.diff?r1=1.87&r2=1.90&f=u
Just to make clear: I did _not_ check demux_asf.c for (further) problems.
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2006-02-16 12:58:47 UTC
*
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-02-21 10:39:25 UTC
Stable handling on bug 115760
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2006-03-03 10:11:43 UTC
Common GLSA with bug 115760
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2006-03-04 10:09:12 UTC
GLSA 200603-03
Comment 9 Derek Hval (DISABLED FOR SPAM) 2008-01-14 22:04:28 UTC
(Spam administratively removed, by robbat2@gentoo.org, at Tue Jan 15 00:37:28 UTC 2008)
Comment 10 Derek Hval (DISABLED FOR SPAM) 2008-01-14 22:07:36 UTC
(Spam administratively removed, by robbat2@gentoo.org, at Tue Jan 15 00:37:28 UTC 2008)