FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
1b70bef4-649f-11d9-a30e-000a95bc6fae | libxine -- multiple buffer overflows in RTSP

A xine security announcement states:

Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol (RTSP) client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the code in question is common to these projects.

Severity: High (arbitrary remote code execution under the user ID running the player) when playing Real RTSP streams. At this time, there is no known exploit for these vulnerabilities.


Discovery 2004-05-25
Entry 2005-01-12
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.4

libxine
< 1.0.r4

CVE-2004-0433
http://xinehq.de/index.php/security/XSA-2004-3
http://xforce.iss.net/xforce/xfdb/16019
10245
3ac80dd2-14df-11dc-bcfc-0016179b2dd5 | mplayer -- cddb stack overflow

Mplayer Team reports:

A stack overflow was found in the code used to handle cddb queries. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayer.


Discovery 2007-06-06
Entry 2007-06-07
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_10

24302
CVE-2007-2948
5ccb1c14-e357-11dd-a765-0030843d3802 | mplayer -- vulnerability in STR files processor

Secunia reports:

The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.


Discovery 2008-07-09
Entry 2009-01-15
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_10

CVE-2008-3162
30157
http://secunia.com/advisories/30994
https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
724e6f93-8f2a-11dd-821f-001cc0377035 | mplayer -- multiple integer overflows

The oCERT team reports:

The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory.


Discovery 2008-09-30
Entry 2008-10-01
Modified 2008-10-02
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_7

CVE-2008-3827
http://www.ocert.org/advisories/ocert-2008-013.html
7c5bd5b8-d652-11dd-a765-0030843d3802 | mplayer -- twinvq processing buffer overflow vulnerability

Trapkit reports:

MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer.


Discovery 2008-12-14
Entry 2008-12-30
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk-esound
mplayer-gtk2
mplayer-gtk2-esound
< 0.99.11_9

CVE-2008-5616
http://secunia.com/advisories/33136/
http://trapkit.de/advisories/TKADV2008-014.txt
85d76f02-5380-11d9-a9e7-0001020eed82 | mplayer -- multiple vulnerabilities

iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer:

  • Potential heap overflow in Real RTSP streaming code
  • Potential stack overflow in MMST streaming code
  • Multiple buffer overflows in BMP demuxer
  • Potential heap overflow in pnm streaming code
  • Potential buffer overflow in mp3lib

These vulnerabilities could allow a remote attacker to execute arbitrary code as the user running MPlayer. The problem in the pnm streaming code also affects xine.


Discovery 2004-12-10
Entry 2004-12-21
Modified 2005-01-12
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.5_5

libxine
<= 1.0.r5_3

CVE-2004-1187
CVE-2004-1188
http://mplayerhq.hu/homepage/design7/news.html#mplayer10pre5try2
http://marc.theaimsgroup.com/?l=bugtraq&m=110322526210300
http://www.idefense.com/application/poi/display?id=166
http://marc.theaimsgroup.com/?l=bugtraq&m=110322829807443
http://www.idefense.com/application/poi/display?id=167
http://marc.theaimsgroup.com/?l=bugtraq&m=110323022605345
http://www.idefense.com/application/poi/display?id=168
http://xinehq.de/index.php/security/XSA-2004-6
91c606fc-b5d0-11d9-a788-0001020eed82 | mplayer & libxine -- MMS and Real RTSP buffer overflow vulnerabilities

A xine security announcement reports:

By a user receiving data from a malicious network streaming server, an attacker can overrun a heap buffer, which can, on some systems, lead to or help in executing attacker-chosen malicious code with the permissions of the user running a xine-lib based media application.

Both the MMS and Real RTSP streaming client code made some too-strong assumptions on the transferred data. Several critical bounds checks were missing, resulting in the possibility of heap overflows, should the remote server not adhere to these assumptions. In the MMS case, a remote server could present content with too many individual streams; in the RTSP case, a remote server's reply could have too many lines.

An attacker can set up a server delivering malicious data to the users. This can be used to overflow a heap buffer, which can, with certain implementations of heap management, lead to attacker chosen data written to the stack. This can cause attacker-chosen code being executed with the permissions of the user running the application. By tricking users to retrieve a stream, which can be as easy as providing a link on a website, this vulnerability can be exploited remotely.


Discovery 2005-04-16
Entry 2005-04-25
mplayer
mplayer-gtk
mplayer-gtk2
mplayer-esound
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7

libxine
>= 0.9.9, < 1.0.1

13270
13271
CVE-2005-1195
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
http://xinehq.de/index.php/security/XSA-2004-8
abeb9b64-ce50-11db-bc24-0016179b2dd5 | mplayer -- DMO File Parsing Buffer Overflow Vulnerability

Moritz Jodeit reports:

There's an exploitable buffer overflow in the current version of MPlayer (v1.0rc1) which can be exploited with a maliciously crafted video file. It is hidden in the DMO_VideoDecoder() function of 'loader/dmo/DMO_VideoDecoder.c' file.


Discovery 2007-02-11
Entry 2007-03-09
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_5

22771
CVE-2007-1246
b2ff68b2-9f29-11db-a4e4-0211d87675b7 | mplayer -- buffer overflow in the code for RealMedia RTSP streams.

A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker cannot write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made. A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c.


Discovery 2006-12-31
Entry 2007-01-08
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.10_1

ports/107217
CVE-2006-6172
http://www.mplayerhq.hu/design7/news.html
c7526a14-c4dc-11da-9699-00123ffe8333 | mplayer -- Multiple integer overflows

Secunia reports:

The vulnerabilities are caused due to integer overflow errors in "libmpdemux/asfheader.c" within the handling of an ASF file, and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in an AVI file. This can be exploited to cause heap-based buffer overflows via a malicious ASF file, or via an AVI file with specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in the "indx" chunk.


Discovery 2006-03-29
Entry 2006-04-07
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.7_12

CVE-2006-1502
http://www.xfocus.org/advisories/200603/11.html
http://secunia.com/advisories/19418/
de4d4110-ebce-11dc-ae14-0016179b2dd5 | mplayer -- multiple vulnerabilities

The Mplayer team reports:

A buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.

A buffer overflow was found in the code used to escape URL strings. The code used to skip over IPv6 addresses can be tricked into leaving a pointer to a temporary buffer with a non-NULL value; this causes the unescape code to reuse the buffer, and may lead to a buffer overflow if the old buffer is smaller than required. A malicious URL string may be used to trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.

A buffer overflow was found in the code used to parse MOV file headers. The code read some values from the file and used them as indexes into an array allocated on the heap without performing any boundary check. A malicious file may be used to trigger a buffer overflow in the program. That can lead to arbitrary code execution with the UID of the user running MPlayer.


Discovery 2008-02-05
Entry 2008-03-06
mplayer
mplayer-esound
mplayer-gtk
mplayer-gtk2
mplayer-gtk-esound
mplayer-gtk2-esound
< 0.99.11_2

CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
http://secunia.com/advisories/28779