Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3827

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-3827
Last Modified 07 Mar 2011 10:11:28
Published 29 Sep 2008 03:25:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3827

Summary

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

Vulnerable Systems

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.90 Rc4

  • Mplayer 0.91

  • Mplayer 0.92

  • Mplayer 0.92 Cvs

  • Mplayer 0.92.1

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3

  • Mplayer 1.0 Pre3try2

  • Mplayer 1.0 Pre4

  • Mplayer 1.0 Pre5

  • Mplayer 1.0 Pre5try1

  • Mplayer 1.0 Pre5try2

  • Mplayer 1.0 Pre6

  • Mplayer 1.0 Pre7

  • Mplayer 1.0 Pre7try2

  • Mplayer 1.0 Rc1

  • Mplayer 1.0 Rc2


References

MISC - http://www.ocert.org/advisories/ocert-2008-013.html

VUPEN - ADV-2008-2703

SECTRACK - 1020952

BID - 31473

BUGTRAQ - 20080929 [oCERT-2008-013] MPlayer Real demuxer heap overflow

MANDRIVA - MDVSA-2008:219

DEBIAN - DSA-1644

CONFIRM - http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675

SREASON - 4326

SECUNIA - 32153

SECUNIA - 32045


Last Updated: 27 May 2016 10:48:19