Description: MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer. Fix in SVN: http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150 Also from Secunia: http://secunia.com/Advisories/33136/
*** Bug 251277 has been marked as a duplicate of this bug. ***
This has been assigned CVE-2008-5616
Patch applied in mplayer-1.0_rc2_p28058-r1 Thanks, Bruno
CVE-2008-5616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5616): Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Arches, please test and mark stable: =media-video/mplayer-1.0_rc2_p28058-r1 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
amd64/x86 stable
ppc64 done
ppc stable
*** Bug 251567 has been marked as a duplicate of this bug. ***
Stable on alpha.
ia64/sparc stable
GLSA together with bug 239130 and bug 231836.
GLSA 200901-07. Thanks everyone, sorry about the delay.