ISS X-Force Database: mplayer-dmovideodecoder-bo(32747): MPlayer DMO

MPlayer DMO_VideoDecoder() buffer overflow

mplayer-dmovideodecoder-bo (32747)

High Risk

Description:

MPlayer is vulnerable to a buffer overflow, caused by improper bounds checking by the DMO_VideoDecoder function. By creating a specially-crafted video file with an overly long biSize value, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash, if the attacker could persuade the victim to open the malicious video file.

Platforms Affected:

Canonical, Ubuntu 5.10
Canonical, Ubuntu 6.06 LTS
Canonical, Ubuntu 6.10
Debian, Debian Linux 3.1
Debian, Debian Linux 4.0
Gentoo, Linux
MandrakeSoft, Mandrake Linux 2007 X86_64
MandrakeSoft, Mandrake Linux 2007
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MPlayer, MPlayer 1.0 rc1
Turbolinux, Turbolinux 10 Desktop
Turbolinux, Turbolinux 10 F...
Turbolinux, Turbolinux FUJI
Turbolinux, Turbolinux Home
Turbolinux, Turbolinux wizpy

Remedy:

Upgrade to the latest version of MPlayer (1.0rc1 trunk after 2/11/2007 or later), available from the MPlayer Web site. See References.

For Ubuntu Linux (xine-lib):
Refer to USN-433-1 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (mplayer):
Refer to MDKSA-2007:055 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (xine-lib):
Refer to MDKSA-2007:057 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (xine-lib):
Refer to Gentoo Linux Security Announcement GLSA 200704-09 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (MPlayer):
Refer to GLSA 200705-21 for patch, upgrade, or suggested workaround information. See References.

For Turbo Linux (xine-lib):
Refer to TLSA-2007-33 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

Full-Disclosure Mailing List, Tue Feb 27 2007 - 09:20:48 CST, MPlayer: Buffer overflow at http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0597.html.
MPlayer Web site, MPlayer - The Movie Player at http://www.mplayerhq.hu/design7/news.html.
BID-22771: MPlayer DMO File Parsing Buffer Overflow Vulnerability
CVE-2007-1246: The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.
DSA-1536: libxine -- several vulnerabilities
GLSA-200704-09: xine-lib: Heap-based buffer overflow
GLSA-200705-21: MPlayer: Two buffer overflows
MDKSA-2007:055: Updated mplayer packages to address buffer overflow vulnerability
MDKSA-2007:057: Updated xine-lib packages to address buffer overflow vulnerability
SA24443: xine-lib Two Buffer Overflow Vulnerabilities
SA24444: MPlayer Two Buffer Overflow Vulnerabilities
SUSE-SR:2007:005: SUSE Security Summary Report
SUSE-SR:2007:007: SUSE Security Summary Report

Reported:

Mar 01, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page