251277 – (CVE-2008-5616) media-video/mplayer < 1.0_rc2_r28150 demux_vqf.c buffer overflow (CVE-2008-5616)

Bug 251277 (CVE-2008-5616) - media-video/mplayer < 1.0_rc2_r28150 demux_vqf.c buffer overflow (CVE-2008-5616)

Summary: media-video/mplayer < 1.0_rc2_r28150 demux_vqf.c buffer overflow (CVE-2008-5616)

Status:	RESOLVED DUPLICATE of bug 251017

Alias:	CVE-2008-5616

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	A2 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2008-12-17 03:00 UTC by stupendoussteve
Modified:	2008-12-17 03:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description stupendoussteve 2008-12-17 03:00:01 UTC

Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote
attackers to execute arbitrary code via a malformed TwinVQ file.

Original advisory: http://trapkit.de/advisories/TKADV2008-014.txt

Reproducible: Always

Comment 1 stupendoussteve 2008-12-17 03:09:01 UTC


*** This bug has been marked as a duplicate of bug 251017 ***