MPlayer aviheader.c integer overflow

mplayer-aviheader-integer-overflow (25514). The risk level is classified as High Risk.

Description:

MPlayer is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the libmpdemux/aviheader.c module. By creating a malicious .asf file with specially crafted wLongsPerEntry or nEntriesInUse values in the index chunk, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service once the malicious .asf file is opened.
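The bug class described above, shown as an added example that is not MPlayer's code and not part of the original advisory: a buffer size computed from two file-supplied fields, first unchecked and then validated. The struct, the function names, the field widths and the chunk_payload parameter are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical subset of an AVI "indx" chunk header (not MPlayer's struct). */
struct indx_hdr {
    uint16_t wLongsPerEntry;  /* entry size in 32-bit words (assumed width) */
    uint32_t nEntriesInUse;   /* number of entries that follow (assumed width) */
};

/* Unchecked pattern: the product is computed in 32 bits and wraps, so the
 * result can be far smaller than the entries a parser would then copy. */
uint32_t index_bytes_unchecked(const struct indx_hdr *h)
{
    return h->nEntriesInUse * h->wLongsPerEntry * (uint32_t)sizeof(uint32_t);
}

/* Checked pattern: compute in 64 bits (16-bit * 4 * 32-bit cannot wrap there)
 * and require the index to fit in the bytes the chunk actually contains.
 * Returns 0 and stores the size on success, -1 on a malformed header. */
int index_bytes_checked(const struct indx_hdr *h, size_t chunk_payload,
                        size_t *out)
{
    uint64_t entry = (uint64_t)h->wLongsPerEntry * sizeof(uint32_t);
    uint64_t total = entry * h->nEntriesInUse;

    if (entry == 0 || h->nEntriesInUse == 0 || total > chunk_payload)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate the index buffer only for headers that pass validation. */
void *alloc_index(const struct indx_hdr *h, size_t chunk_payload)
{
    size_t n;
    return index_bytes_checked(h, chunk_payload, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    struct indx_hdr bad = { 4, 0x10000001u };  /* constructed sample values */
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)index_bytes_unchecked(&bad));
    printf("checked result: %d\n", index_bytes_checked(&bad, 4096, &n));
    return 0;
}
```

Bounding the computed size by the bytes actually present in the chunk rejects oversized counts even when the multiplication itself does not wrap.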


Consequences:

Gain Access

Remedy:

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-05-01 for patch, upgrade, or suggested workaround information. See References.

References:

  • Full-Disclosure Mailing List, Wed Mar 29 2006 - 00:12:52 CST: [xfocus-SD-060329]MPlayer: Multiple integer overflows.
  • MPlayer Web site: MPlayer - The Movie Player.
  • BID-17295: MPlayer Multiple Integer Overflow Vulnerabilities
  • CVE-2006-1502: Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.
  • GLSA-200605-01: MPlayer: Heap-based buffer overflow
  • MDKSA-2006:068: Updated mplayer packages fix integer overflow vulnerabilities
  • MDKSA-2006:108: Updated xine-lib packages fix buffer overflow vulnerabilities
  • OSVDB ID: 24246: MPlayer libmpdemux/asfheader.c asf_descrambling() Function ASF Processing Overflow
  • OSVDB ID: 24247: MPlayer libmpdemux/aviheader.c AVI indx Chunk Processing Overflow
  • SA19418: MPlayer AVI "indx" Chunk and ASF Handling Vulnerabilities
  • SECTRACK ID: 1015842: MPlayer Integer Overflows in Processing ASF and AVI Headers Let Remote Users Execute Arbitrary Code
  • VUPEN/ADV-2006-1156: MPlayer ASF and AVI File Handling Remote Integer Overflow Vulnerabilities

Platforms Affected:

  • Gentoo Linux
  • MandrakeSoft Mandrake Linux 2006 X86_64
  • MandrakeSoft Mandrake Linux 2006
  • MandrakeSoft Mandrake Linux LE2005
  • MandrakeSoft Mandrake Linux LE2005 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0 X86_64
  • MandrakeSoft Mandrake Linux Corporate Server 3.0
  • MPlayer MPlayer 1.0 pre7try2

Reported:

Mar 29, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
