Package: mplayer
Version: 1.0~rc1-16
Severity: important
Tags: security

Hi,
a CVE has been issued against mplayer.

CVE-2007-4938[0]:
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

This is not really an important issue; it is just possible to create a NULL pointer dereference here, which leads to an application crash. However, in glibc < 2.5 (etch) this leads to a heap overflow because of a missing integer overflow check in glibc < 2.5. See http://cert.uni-stuttgart.de/advisories/calloc.php. This was merged into glibc in 2.5.

http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/aviheader.c?r1=23985&r2=24447 should fix this issue.

If you fix this issue please include the CVE id in your changelog.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
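The missing multiplication check described in the report, shown from the parser's side as an added example that is not part of the original message or MPlayer's code: the entry table is sized in 64-bit arithmetic and bounded by the declared chunk size before anything is allocated. The struct, its field names and the sample headers are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size a 32-bit allocator without an overflow check would compute:
 * the product is reduced modulo 2^32. */
static uint32_t wrapped_size32(uint32_t nmemb, uint32_t size)
{
    return nmemb * size;
}

/* Hypothetical index-chunk header; field names are illustrative only. */
struct idx_header {
    uint32_t chunk_size;       /* bytes the file says the chunk holds */
    uint32_t entries_in_use;   /* entry count read from the file */
    uint16_t longs_per_entry;  /* 32-bit words per entry */
};

/* Allocate the entry table only if the full-width product fits in the
 * declared chunk. Returns NULL on any inconsistent header. */
static uint32_t *alloc_entries(const struct idx_header *h, uint64_t *bytes_out)
{
    if (h->entries_in_use == 0 || h->longs_per_entry == 0)
        return NULL;
    /* 64-bit arithmetic: a 32-bit count times a 16-bit width times 4 cannot wrap. */
    uint64_t bytes = (uint64_t)h->entries_in_use * h->longs_per_entry * 4u;
    if (bytes > h->chunk_size)
        return NULL;
    *bytes_out = bytes;
    return calloc(h->entries_in_use, (size_t)h->longs_per_entry * 4u);
}

int main(void)
{
    /* Constructed headers: one consistent, one with an oversized count. */
    struct idx_header ok  = { 4096, 128, 2 };
    struct idx_header bad = { 4096, 0x40000001u, 1 };
    uint64_t n = 0;
    uint32_t *t = alloc_entries(&ok, &n);
    printf("ok: %s (%llu bytes)\n", t ? "allocated" : "rejected",
           (unsigned long long)n);
    free(t);
    printf("bad: %s; unchecked 32-bit size would be %u\n",
           alloc_entries(&bad, &n) ? "allocated" : "rejected",
           (unsigned)wrapped_size32(bad.entries_in_use, 4u));
    return 0;
}
```

The second header is the interesting case: a 32-bit product without the check comes out as 4 bytes, while the entry count still describes more than a billion entries.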