Pardus: MPlayer Buffer Overflow
Posted by Bill Keys   
Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-87            security@pardus.org.tr
------------------------------------------------------------------------
     Date: 2008-12-24
 Severity: 4
     Type: Remote
------------------------------------------------------------------------

Summary
=======

Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer allows remote attackers to execute
arbitrary code via a malformed TwinVQ file.


Description
===========

Successful exploitation may allow execution of arbitrary code.



Affected packages:

 Pardus 2008:
   mplayer, all before 0.0_20081015-101-18
 Pardus 2007:
   mplayer, all before 0.0_20080322-85-61


Resolution
==========

An update is available for mplayer. You can install it via Package Manager
or with a single command from the console:

 Pardus 2008:
   pisi up mplayer

 Pardus 2007:
   pisi up mplayer


References
==========

* http://bugs.pardus.org.tr/show_bug.cgi?id=8879
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
* http://trapkit.de/advisories/TKADV2008-014.txt

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr