Mageia 2024-0062: mplayer security update

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c

Summary

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c. (CVE-2022-38850) Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38851) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38855) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38858) Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38860) The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. (CVE-2022-38861) Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer. This affects mecoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38863) Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. This affects mencoder SVN-r38374-13.0.1 and mplayer SVN-r38374-13.0.1. (CVE-2022-38864) Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. This affects mplyer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38865) Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c . This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1. (CVE-2022-38866)

References

- https://bugs.mageia.org/show_bug.cgi?id=31360

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38850

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38851

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38855

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38858

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38860

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38861

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38863

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38864

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38865

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38866

Resolution

MGASA-2024-0062 - Updated mplayer packages fix security vulnerabilities

SRPMS

- 9/core/mplayer-1.5-12.1.mga9

- 9/tainted/mplayer-1.5-12.1.mga9.tainted

Severity

Publication date: 15 Mar 2024

URL: https://advisories.mageia.org/MGASA-2024-0062.html

Type: security

CVE: CVE-2022-38850, CVE-2022-38851, CVE-2022-38855, CVE-2022-38858, CVE-2022-38860, CVE-2022-38861, CVE-2022-38863, CVE-2022-38864, CVE-2022-38865, CVE-2022-38866

Mageia 2024-0062: mplayer security update

Summary

References

Resolution

SRPMS

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By