Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0812161958580.5724@faron.mitre.org>
Date: Tue, 16 Dec 2008 19:59:56 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Steven Christey <coley@...us.mitre.org>
Subject: Re: CVE request: mplayer


Sorry for being so long to answer everything, I was on travel and the CVE
team is re-analyzing our process so that we can be more responsive and
stable in the longer term.

- Steve

======================================================
Name: CVE-2008-5616
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616
Reference: MISC:http://trapkit.de/advisories/TKADV2008-014.txt
Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150
Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150
Reference: BID:32822
Reference: URL:http://www.securityfocus.com/bid/32822
Reference: SECUNIA:33136
Reference: URL:http://secunia.com/advisories/33136

Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote
attackers to execute arbitrary code via a malformed TwinVQ file.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.