Debian Mplayer vulnerabilities

CVE-2008-4867 [CRITICAL] CVE-2008-4867: ffmpeg - Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MP... Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Scope: local bookworm: resolved (fixed in 0.svn20080206-14) bullseye: resolved (fixed in 0.svn20080206-14) forky: resolved (fixed in 0.svn20080206-14) sid: r

CVE-2008-0485 [CRITICAL] CVE-2008-0485: mplayer - Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might... Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. Scope: local bookworm: resolved (fixed in 1.0~rc2-8) bullseye: resolved (fixed in 1.0~rc2-8) forky: resolved (fixed in 1.0~rc2-8) sid: resolved (fixed in 1.0~rc2-8) trixie: resolved

CVE-2008-0486 [HIGH] CVE-2008-0486: mplayer - Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN ... Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Scope: local bookworm: resolved (fixed in 1.0~rc2-8) bullseye: resolved (fixed in 1.0~rc2-8) forky: res

CVE-2008-0630 [MEDIUM] CVE-2008-0630: mplayer - Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote a... Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code. Scope: local bookworm: resolved (fixed in 1.0~rc2-8) bullseye: resolved (fixed in 1.0~rc2-8) forky: resolved

CVE-2008-3827 [CRITICAL] CVE-2008-3827: mplayer - Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc... Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. Scope: local bookworm: resolved (fixed in 1.0~rc2-18) bullseye: r

CVE-2008-1558 [CRITICAL] CVE-2008-1558: mplayer - Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdppli... Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow. Scope: local bookworm: resolved (fixed in 1.0~rc2-10) bullseye: resolved (fixed in 1.0~rc2-10)

CVE-2008-0629 [MEDIUM] CVE-2008-0629: mplayer - Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows ... Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. Scope: local bookworm: resolved (fixed in 1.0~rc2-8) bullseye: resolved (fixed in 1.0~rc2-8) forky: resolved (fixed in 1.0~rc2-8) sid: resolved (fixed in 1.0~rc2-8) trixie: r

CVE-2008-5616 [CRITICAL] CVE-2008-5616: mplayer - Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_v... Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file. Scope: local bookworm: resolved (fixed in 1.0~rc2-19) bullseye: resolved (fixed in 1.0~rc2-19) forky: resolved (fixed in 1.0~rc2-19) sid: resolved (fixed in 1.0~rc2-19)

CVE-2008-4868 [CRITICAL] CVE-2008-4868: ffmpeg - Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in... Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2008-4610 [MEDIUM] CVE-2008-4610: ffmpeg - MPlayer allows remote attackers to cause a denial of service (application crash)... MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718. Scope: local bookworm: resolved (fixed in 7:2.4.1-1) bullseye: resolved (fixed in 7:2.4.1-1) forky: resolved (fi

CVE-2008-5244 [CRITICAL] CVE-2008-5244: faad2 - Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attac... Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad. Scope: local bookworm: resolved (fixed in 2.6.1-1) bullseye: resolved (fixed in 2.6.1-1) forky: resolved (fixed in 2.6.1-1) sid: resolved (fixed in 2.6.1-1)

CVE-2007-2948 [CRITICAL] CVE-2007-2948: mplayer - Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before ... Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. Scope: local bookworm: resolved (fixed in 1.0~rc1-14) bullseye: resolved (fixed in 1.0~rc1-14) forky: resolved (fixed in 1.0~rc1-14) sid: resolved (fixed in 1.0~rc1

CVE-2007-4938 [HIGH] CVE-2007-4938: mplayer - Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earli... Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Scope: local bookworm: resolved (fixed in 1.0~rc1-16.1) bullseye

CVE-2007-1246 [HIGH] CVE-2007-1246: mplayer - The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1... The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387. Scope: local bookworm: resolved (fixed in 1.0~rc

CVE-2007-6718 [HIGH] CVE-2007-6718: mplayer - MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (... MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer

CVE-2007-1387 [HIGH] CVE-2007-1387: mplayer - The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and ear... The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. Scope: local bookworm: resolved (fixed in 1.0~rc1-13) bullsey

CVE-2006-4800 [HIGH] CVE-2006-4800: ffmpeg - Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow r... Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c

CVE-2006-6172 [HIGH] CVE-2006-6172: mplayer - Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler ... Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. Scope: local bookworm: resol

CVE-2006-0579 [HIGH] CVE-2006-0579: mplayer - Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and... Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third

CVE-2005-4048 [HIGH] CVE-2005-4048: ffmpeg - Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) ... Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes. Scope: local bookworm: resolved (fixed in 0.cvs20050918-5.1) bullseye: