Date: Tue, 16 Dec 2008 19:59:56 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Steven Christey <coley@...us.mitre.org>
Subject: Re: CVE request: mplayer
Sorry for being so long to answer everything, I was on travel and the CVE
team is re-analyzing our process so that we can be more responsive and
stable in the longer term.
- Steve
======================================================
Name: CVE-2008-5616
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
Reference: MISC:http://trapkit.de/advisories/TKADV2008-014.txt
Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150
Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150
Reference: BID:32822
Reference: URL:http://www.securityfocus.com/bid/32822
Reference: SECUNIA:33136
Reference: URL:http://secunia.com/advisories/33136
Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote
attackers to execute arbitrary code via a malformed TwinVQ file.