Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5616

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5616
Last Modified 14 May 2009 01:31:58
Published 16 Dec 2008 08:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5616

Summary

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

Vulnerable Systems

Application

  • Mplayer 0.90

  • Mplayer 0.90 Pre

  • Mplayer 0.90 Rc

  • Mplayer 0.90 Rc4

  • Mplayer 0.91

  • Mplayer 0.92

  • Mplayer 0.92 Cvs

  • Mplayer 0.92.1

  • Mplayer 1.0 Pre1

  • Mplayer 1.0 Pre2

  • Mplayer 1.0 Pre3

  • Mplayer 1.0 Pre3try2

  • Mplayer 1.0 Pre4

  • Mplayer 1.0 Pre5

  • Mplayer 1.0 Pre5try1

  • Mplayer 1.0 Pre5try2

  • Mplayer 1.0 Pre6

  • Mplayer 1.0 Pre7

  • Mplayer 1.0 Pre7try2

  • Mplayer 1.0 Rc1


References

BID - 32822

BUGTRAQ - 20081214 [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability

MANDRIVA - MDVSA-2009:014

MANDRIVA - MDVSA-2009:013

DEBIAN - DSA-1782

MISC - http://trapkit.de/advisories/TKADV2008-014.txt

CONFIRM - http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150

CONFIRM - http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150

SECUNIA - 34845

SECUNIA - 33136


Last Updated: 27 May 2016 10:48:52