Package: libavcodec51
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for libavcodec51.

CVE-2008-4610[0]:
| MPlayer allows remote attackers to cause a denial of service
| (application crash) via (1) a malformed AAC file, as demonstrated by
| lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated
| by lol-ffplay.ogm, different vectors than CVE-2007-6718.

It turned out that the lol-ffplay.ogm crashing mplayer is not a bug in mplayer but a problem in ffmpeg itself. I tracked this down to libavcodec/vp3.c, table->table being NULL causes the GET_VLC macro in bitstream.h to dereference a NULL ptr which then causes mplayer to crash.

Attached is a patch to fix this, I am not sure if that is the correct way to fix this as I have no insight on the code functionality itself but at least it prevents mplayer from crashing. So you might want to check back with upstream.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4610
    http://security-tracker.debian.net/tracker/CVE-2008-4610

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- libavcodec/vp3.c 2008-12-23 21:06:32.000000000 +0100 +++ libavcodec/vp3.c.new 2008-12-23 21:07:22.000000000 +0100 @@ -1165,7 +1165,7 @@ if (fragment->coeff_count > coeff_index) continue; - if (!eob_run) { + if (!eob_run && table->table) { /* decode a VLC into a token */ token = get_vlc2(gb, table->table, 5, 3); debug_vlc(" token = %2d, ", token);
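Review bot: In the changed condition `if (!eob_run && table->table)`, a NULL `table->table` now silently skips the `get_vlc2()` call and sends the fragment down the same path as a non-zero `eob_run`, so a stream with no usable VLC table keeps being decoded instead of being rejected. I would treat the NULL table as a decode error rather than folding it into the EOB test: if `table` is fixed for the whole loop, check it once before the loop, log it and return an error to the caller. It is also worth finding out why the table can be left unbuilt for this input, since that missing initialisation is the underlying defect and this guard only covers the one `get_vlc2()` call visible here.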