Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 251567 - MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability
Summary: MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability
Status: RESOLVED DUPLICATE of bug 251017
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://trapkit.de/advisories/TKADV200...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-18 23:21 UTC by Matt
Modified: 2008-12-19 17:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matt 2008-12-18 23:21:04 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory:               MPlayer TwinVQ Processing Stack Buffer Overflow 
                        Vulnerability
Advisory ID:            TKADV2008-014
Revision:               1.0              
Release Date:           2008/12/14 
Last Modified:          2008/12/14
Date Reported:          2008/12/07
Author:                 Tobias Klein (tk at trapkit.de)
Affected Software:      MPlayer 1.0rc2    < r28150 and 
                        MPlayer SVN trunk < r28149
Remotely Exploitable:   Yes
Locally Exploitable:    No 
Vendor URL:             http://www.mplayerhq.hu 
Vendor Status:          Vendor has released an updated version
Patch development time: 8 days


======================
Vulnerability Details: 
======================

MPlayer contains a stack buffer overflow vulnerability while parsing 
malformed TwinVQ media files. The vulnerability may be exploited by a 
(remote) attacker to execute arbitrary code in the context of MPlayer.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-12-19 17:47:57 UTC

*** This bug has been marked as a duplicate of bug 251017 ***