Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 253649 (CVE-2007-6718) - media-video/mplayer<=1.0_rc2_p28058-r1 (CVE-2007-6718,CVE-2008-4610)
Summary: media-video/mplayer<=1.0_rc2_p28058-r1 (CVE-2007-6718,CVE-2008-4610)
Alias: CVE-2007-6718
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: A2? [glsa]
Depends on:
Reported: 2009-01-04 01:57 UTC by Stefan Behte (RETIRED)
Modified: 2013-10-25 19:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 01:57:25 UTC
CVE-2008-4610 (
  MPlayer allows remote attackers to cause a denial of service
  (application crash) via (1) a malformed AAC file, as demonstrated by
  lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated
  by lol-ffplay.ogm, different vectors than CVE-2007-6718.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 02:01:17 UTC
Name:      CVE-2007-6718
Published: 2008-10-20
Severity:  Medium

MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of
service (SIGSEGV and application crash) via (1) a malformed MP3 file,
as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as
demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as
demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as
demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as
demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as
demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as
demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as
demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as
demonstrated by lol-mplayer.aac.  NOTE: vector 5 might overlap
CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-01-04 15:20:25 UTC
I don't think anyone claimed anything more than a crash on these issues yet.

Upstream has patches for few issues, but some are unconfirmed or not followed up on:
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-04 16:26:40 UTC
It's unclear if code execution is possible, these bugs were found by fuzzing and not examined closely. Hanno also labled this "crashers / potential security risks in mplayer".
Comment 4 Jaak Ristioja 2010-07-23 08:30:57 UTC
There is no <=media-video/mplayer-1.0_rc2_p28058-r1 in portage any more.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-10-14 03:39:28 UTC
From what I can tell looking at the ffmpeg changelog included in our stable mplayer, the bundled version is more recent than ffmpeg 0.6, which is more recent than the fixed version listed in the original third-party advisory at [1], which states:

 Upgrade to FFmpeg SVN trunk >= revision 16846


Moving this to [glsa] and please comment if you disagree with the above (not so stellar) analysis. Will GLSA with other mplayer issues.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2013-10-25 19:17:00 UTC
This issue was resolved and addressed in
 GLSA 201310-13 at
by GLSA coordinator Sean Amoss (ackle).