MPlayer: Multiple buffer overflows

Security Team Contact Address

Updated March 10, 2008

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200803-16 / mplayer
Release Date	March 10, 2008
Latest Revision	March 10, 2008: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
media-video/mplayer	< 1.0_rc2_p25993	>= 1.0_rc2_p25993	All supported architectures

Related bugreports: #208566

Synopsis

Multiple vulnerabilities have been discovered in MPlayer, possibly allowing for the remote execution of arbitrary code.

2. Impact Information

Background

MPlayer is a media player incuding support for a wide range of audio and video formats.

Description

The following errors have been discovered in MPlayer:

Felipe Manzano and Anibal Sacco (Core Security Technologies) reported an array indexing error in the file libmpdemux/demux_mov.c when parsing MOV file headers (CVE-2008-0485).
Damian Frizza and Alfredo Ortega (Core Security Technologies) reported a boundary error in the file libmpdemux/demux_audio.c when parsing FLAC comments (CVE-2008-0486).
Adam Bozanich (Mu Security) reported boundary errors in the cddb_parse_matches_list() and cddb_query_parse() functions in the file stream_cddb.c when parsing CDDB album titles (CVE-2008-0629) and in the url_scape_string() function in the file stream/url.c when parsing URLS (CVE-2008-0630).

Impact

A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc2_p25993"

4. References