lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 29 Sep 2008 16:00:52 +0000
From: Andrea Barisani <lcars@...rt.org>
To: ocert-announce@...ts.ocert.org, oss-security@...ts.openwall.com,
	bugtraq@...urityfocus.com
Subject: [oCERT-2008-013] MPlayer Real demuxer heap overflow


2008/09/29 #2008-013 MPlayer Real demuxer heap overflow

Description:

The MPlayer multimedia player suffers from a vulnerability which could result
in arbitrary code execution and at the least, in unexpected process
termination.

Three integer underflows located in the Real demuxer code can be used to
exploit a heap overflow, a specific video file can be crafted in order to make
the stream_read function reading or writing arbitrary amounts of memory.

The following patch fixes the issue:
http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

Affected version:

MPlayer <= 1.0_rc2

Fixed version:

MPlayer, N/A

Credit: vulnerability report, patch and PoC code received from Felipe Andres
Manzano <fmanzano [at] fceia [dot] unr [dot] edu [dot] ar>.

CVE: CVE-2008-3827

Timeline:
2008-08-12: vulnerability report received
2008-08-24: contacted mplayer maintainers
2008-08-25: maintainer provides patch
2008-08-28: reporter indicates that the patch is incomplete and sends new PoC
2008-09-15: maintainer provides updated patch
2008-09-16: reporter confirms patch
2008-09-29: advisory release

References:

Links:
http://www.mplayerhq.hu

Permalink:
http://www.ocert.org/advisories/ocert-2008-013.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@...rt.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ