Technical Description

Two vulnerabilities have been identified in MPlayer, which could be exploited by remote attackers to execute arbitrary commands. These issues are due to buffer overflow errors within the "DMO_VideoDecoder()" [loader/dmo/DMO_VideoDecoder.c] and "DS_VideoDecoder_Open()" [loader/dshow/DS_VideoDecoder.c] functions that does not validate certain values before being copied into an insufficiently sized buffer via a "memcpy()" call, which could be exploited by attackers to crash an affected application or compromise a vulnerable system by tricking a user into opening a specially crafted video file.

Affected Products

MPlayer version 1.0rc1 and prior
Xine-lib version 1.1.4 and prior

Solution

A fix is available via CVS (MPlayer) :
http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.c
http://svn.mplayerhq.hu/mplayer/trunk/loader/dshow/DS_VideoDecoder.c

Upgrade to Xine-lib version 1.1.5 :
http://sourceforge.net/projects/xine/

References

http://www.vupen.com/english/advisories/2007/0794
http://sourceforge.net/project/shownotes.php?release_id=499925

Credits

Vulnerabilities reported by Moritz Jodeit

ChangeLog

2007-03-01 : Initial release
2007-03-11 : Updated Advisory
2007-04-09 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.