CVE-2008-3827
https://notcve.org/view.php?id=CVE-2008-3827
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory. Mútiples desbordamientos de entero en MPlayer v1.0_rc2 y anteriores permite a atacantes remotos provocar una denegación de servicio (finalización de proceso) y posiblemente ejecutar código de su elección mediante un fichero de vídeo manipulado que provoca que la función stream_read lea o escriba en una zona de memoria de su elección. • http://secunia.com/advisories/32045 http://secunia.com/advisories/32153 http://securityreason.com/securityalert/4326 http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675 http://www.debian.org/security/2008/dsa-1644 http://www.mandriva.com/security/advisories?name=MDVSA-2008:219 http://www.ocert.org/advisories/ocert-2008-013.html http://www.securityfocus.com/archive/1/496806/100/0/threaded http://www.securityfocus.com/bid/31473 http://www.securitytr • CWE-189: Numeric Errors •
CVE-2008-0485 – MPlayer 1.0rc2 - 'demux_mov.c' Remote Code Execution
https://notcve.org/view.php?id=CVE-2008-0485
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. Error en el índice de array en libmpdemux/demux_mov.c de MPlayer 1.0 rc2 y versiones anteriores. Podría permitir a atacantes remotos ejecutar código de su elección a través de un archivo MOV de QuickTime modificado con una etiqueta stsc atom. • https://www.exploit-db.com/exploits/31076 http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060032.html http://secunia.com/advisories/28779 http://secunia.com/advisories/28955 http://secunia.com/advisories/28956 http://secunia.com/advisories/29307 http://security.gentoo.org/glsa/glsa-200803-16.xml http://securityreason.com/securityalert/3607 http://www.coresecurity.com/?action=item&id=2102 http://www.debian.org/security/2008/dsa-1496 http://www.mandriva.com • CWE-189: Numeric Errors •
CVE-2007-4938 – MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-4938
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. Desbordamiento de búfer basado en pila en libmpdemux/aviheader.c en MPlayer 1.0rc1 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de aplicación) o posiblemente ejecutar código de su elección a través de un archivo .avi con cierto "tamaño indx tratado" y valores nEntriesInuse, y un cierto valor wLongsPerEntry. • https://www.exploit-db.com/exploits/30578 http://osvdb.org/45940 http://secunia.com/advisories/27016 http://securityreason.com/securityalert/3144 http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 http://www.securityfocus.com/archive/1/479222/100/0/threaded http://www.securityfocus.com/bid/25648 http://www.vulnhunt.com/advisories/CAL-20070912-1_Multiple_vendor_produce_handling_AVI_file_vulnerabilities.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/36581 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-2948
https://notcve.org/view.php?id=CVE-2007-2948
Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category. Múltiples desbordamientos de búfer basados en pila en el stream/stream_cddb.c del MPlayer en versiones anteriores a la 1.0rc1try3 permite a atacantes remotos ejecutar código de su elección a través de una entrada CDDB con un (1) título de álbum largo o (2) una categoría larga. • http://lists.mplayerhq.hu/pipermail/mplayer-announce/2007-June/000066.html http://osvdb.org/36991 http://secunia.com/advisories/24302 http://secunia.com/advisories/25713 http://secunia.com/advisories/25940 http://secunia.com/advisories/26083 http://secunia.com/advisories/26207 http://secunia.com/secunia_research/2007-55 http://security.gentoo.org/glsa/glsa-200707-07.xml http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=23287&r2=23470&diff_format=u http:// •
CVE-2007-1387
https://notcve.org/view.php?id=CVE-2007-1387
The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246. El cargador DirectShow (loader/dshow/DS_VideoDecoder.c) en MPlayer 1.0rc1 y anteriores, como el usado en xine-lib, no establece el biSize antes de usarse en memcpy, lo cual permite a atacantes remotos con la complicidad del usuario provocar un desbordamiento de búfer y posiblemente ejecutar código de su elección, una vulnerabilidad diferente que CVE-2007-1246. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414072%3Bmsg=12%3Bfilename=DS_VideoDecoder.c---SVN--22205.patch%3Batt=1 http://secunia.com/advisories/24443 http://secunia.com/advisories/24444 http://secunia.com/advisories/24462 http://secunia.com/advisories/25462 http://secunia.com/advisories/29601 http://security.gentoo.org/glsa/glsa-200705-21.xml http://www.debian.org/security/2008/dsa-1536 http://www.mandr •