VuXML ID | Description |
1b70bef4-649f-11d9-a30e-000a95bc6fae | libxine -- multiple buffer overflows in RTSP
A xine security announcement states:
Multiple vulnerabilities have been found and fixed in the
Real-Time Streaming Protocol (RTSP) client for RealNetworks
servers, including a series of potentially remotely
exploitable buffer overflows. This is a joint advisory by
the MPlayer and xine teams as the code in question is common
to these projects.
Severity: High (arbitrary remote code execution under the
user ID running the player) when playing Real RTSP streams.
At this time, there is no known exploit for these
vulnerabilities.
Discovery 2004-05-25 Entry 2005-01-12
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.4
libxine
< 1.0.r4
CVE-2004-0433
http://xinehq.de/index.php/security/XSA-2004-3
http://xforce.iss.net/xforce/xfdb/16019
10245
|
3ac80dd2-14df-11dc-bcfc-0016179b2dd5 | mplayer -- cddb stack overflow
MPlayer Team reports:
A stack overflow was found in the code used to handle
cddb queries. When copying the album title and category,
no checking was performed on the size of the strings
before storing them in a fixed-size array. A malicious
entry in the database could trigger a stack overflow in
the program, leading to arbitrary code execution with the
uid of the user running MPlayer.
Discovery 2007-06-06 Entry 2007-06-07
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_10
24302
CVE-2007-2948
|
5ccb1c14-e357-11dd-a765-0030843d3802 | mplayer -- vulnerability in STR files processor
Secunia reports:
The vulnerability is caused due to a boundary error within the
"str_read_packet()" function in libavformat/psxstr.c. This can be
exploited to cause a heap-based buffer overflow via a specially
crafted STR file.
Discovery 2008-07-09 Entry 2009-01-15
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_10
CVE-2008-3162
30157
http://secunia.com/advisories/30994
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
|
724e6f93-8f2a-11dd-821f-001cc0377035 | mplayer -- multiple integer overflows
The oCERT team reports:
The MPlayer multimedia player suffers from a vulnerability which
could result in arbitrary code execution and at the least, in
unexpected process termination. Three integer underflows located
in the Real demuxer code can be used to exploit a heap overflow,
a specific video file can be crafted in order to make the
stream_read function reading or writing arbitrary amounts of
memory.
Discovery 2008-09-30 Entry 2008-10-01 Modified 2008-10-02
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_7
CVE-2008-3827
http://www.ocert.org/advisories/ocert-2008-013.html
|
7c5bd5b8-d652-11dd-a765-0030843d3802 | mplayer -- twinvq processing buffer overflow vulnerability
Trapkit reports:
MPlayer contains a stack buffer overflow vulnerability while
parsing malformed TwinVQ media files. The vulnerability may be
exploited by a (remote) attacker to execute arbitrary code in
the context of MPlayer.
Discovery 2008-12-14 Entry 2008-12-30
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_9
CVE-2008-5616
http://secunia.com/advisories/33136/
http://trapkit.de/advisories/TKADV2008-014.txt
|
85d76f02-5380-11d9-a9e7-0001020eed82 | mplayer -- multiple vulnerabilities
iDEFENSE and the MPlayer Team have found multiple
vulnerabilities in MPlayer:
- Potential heap overflow in Real RTSP streaming code
- Potential stack overflow in MMST streaming code
- Multiple buffer overflows in BMP demuxer
- Potential heap overflow in pnm streaming code
- Potential buffer overflow in mp3lib
These vulnerabilities could allow a remote attacker to
execute arbitrary code as the user running MPlayer. The
problem in the pnm streaming code also affects xine.
Discovery 2004-12-10 Entry 2004-12-21 Modified 2005-01-12
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.5_5
libxine
<= 1.0.r5_3
CVE-2004-1187
CVE-2004-1188
http://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2
http://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300
http://www.idefense.com/application/poi/display?id=166
http://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443
http://www.idefense.com/application/poi/display?id=167
http://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345
http://www.idefense.com/application/poi/display?id=168
http://xinehq.de/index.php/security/XSA-2004-6
|
91c606fc-b5d0-11d9-a788-0001020eed82 | mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities
A xine security announcement reports:
By a user receiving data from a malicious network
streaming server, an attacker can overrun a heap buffer,
which can, on some systems, lead to or help in executing
attacker-chosen malicious code with the permissions of the
user running a xine-lib based media application.
Both the MMS and Real RTSP streaming client code made
some too-strong assumptions on the transferred
data. Several critical bounds checks were missing,
resulting in the possibility of heap overflows, should the
remote server not adhere to these assumptions. In the MMS
case, a remote server could present content with too many
individual streams; in the RTSP case, a remote server's
reply could have too many lines.
An attacker can set up a server delivering malicious data
to the users. This can be used to overflow a heap buffer,
which can, with certain implementations of heap
management, lead to attacker chosen data written to the
stack. This can cause attacker-chosen code being executed
with the permissions of the user running the
application. By tricking users to retrieve a stream, which
can be as easy as providing a link on a website, this
vulnerability can be exploited remotely.
Discovery 2005-04-16 Entry 2005-04-25
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7
libxine
>= 0.9.9, < 1.0.1
13270
13271
CVE-2005-1195
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
http://xinehq.de/index.php/security/XSA-2004-8
|
abeb9b64-ce50-11db-bc24-0016179b2dd5 | mplayer -- DMO File Parsing Buffer Overflow Vulnerability
Moritz Jodeit reports:
There's an exploitable buffer overflow in the current version
of MPlayer (v1.0rc1) which can be exploited with a maliciously
crafted video file. It is hidden in the DMO_VideoDecoder()
function of `loader/dmo/DMO_VideoDecoder.c' file.
Discovery 2007-02-11 Entry 2007-03-09
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_5
22771
CVE-2007-1246
|
b2ff68b2-9f29-11db-a4e4-0211d87675b7 | mplayer -- buffer overflow in the code for RealMedia RTSP streams.
A potential buffer overflow was found in the code used to handle
RealMedia RTSP streams. When checking for matching asm rules, the code
stores the results in a fixed-size array, but no boundary checks are
performed. This may lead to a buffer overflow if the user is tricked
into connecting to a malicious server. Since the attacker cannot write
arbitrary data into the buffer, creating an exploit is very hard; but a
DoS attack is easily made.
A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006
UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c,
stream/realrtsp/asmrp.h and stream/realrtsp/real.c.
Discovery 2006-12-31 Entry 2007-01-08
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_1
ports/107217
CVE-2006-6172
http://www.mplayerhq.hu/design7/news.html
|
c7526a14-c4dc-11da-9699-00123ffe8333 | mplayer -- Multiple integer overflows
Secunia reports:
The vulnerabilities are caused due to integer overflow errors
in "libmpdemux/asfheader.c" within the handling of an ASF file,
and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in
an AVI file. This can be exploited to cause heap-based buffer
overflows via a malicious ASF file, or via an AVI file with
specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in
the "indx" chunk.
Discovery 2006-03-29 Entry 2006-04-07
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7_12
CVE-2006-1502
http://www.xfocus.org/advisories/200603/11.html
http://secunia.com/advisories/19418/
|
de4d4110-ebce-11dc-ae14-0016179b2dd5 | mplayer -- multiple vulnerabilities
The MPlayer team reports:
A buffer overflow was found in the code used to extract album
titles from CDDB server answers. When parsing answers from the
CDDB server, the album title is copied into a fixed-size buffer
with insufficient size checks, which may cause a buffer overflow.
A malicious database entry could trigger a buffer overflow in the
program. That can lead to arbitrary code execution with the UID of
the user running MPlayer.
A buffer overflow was found in the code used to escape URL
strings. The code used to skip over IPv6 addresses can be tricked
into leaving a pointer to a temporary buffer with a non-NULL value;
this causes the unescape code to reuse the buffer, and may lead to
a buffer overflow if the old buffer is smaller than required.
A malicious URL string may be used to trigger a buffer overflow in
the program, that can lead to arbitrary code execution with the UID
of the user running MPlayer.
A buffer overflow was found in the code used to parse MOV file
headers. The code read some values from the file and used them as
indexes into an array allocated on the heap without performing any
boundary check. A malicious file may be used to trigger a buffer
overflow in the program. That can lead to arbitrary code execution
with the UID of the user running MPlayer.
Discovery 2008-02-05 Entry 2008-03-06
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_2
CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
http://secunia.com/advisories/28779
|