FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0486

This CVE name corresponds to:

Entered Topic
2008-03-06 mplayer -- multiple vulnerabilities
2008-02-26 libxine -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-0486
Phase Assigned (20080129)

Description

Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

References

Source Reference
BUGTRAQ 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
FULLDISC 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability
MISC http://www.coresecurity.com/?action=item&id=2103
CONFIRM http://www.mplayerhq.hu/design7/news.html
CONFIRM http://sourceforge.net/project/shownotes.php?group_id=9655&release_id=574735
CONFIRM http://bugs.xine-project.org/show_bug.cgi?id=38
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=431541
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=209106
DEBIAN DSA-1496
DEBIAN DSA-1536
FEDORA FEDORA-2008-1543
FEDORA FEDORA-2008-1581
GENTOO GLSA-200802-12
GENTOO GLSA-200803-16
MANDRIVA MDVSA-2008:045
MANDRIVA MDVSA-2008:046
SUSE SUSE-SR:2008:006
UBUNTU USN-635-1
BID 27441
VUPEN ADV-2008-0406
VUPEN ADV-2008-0421
SECUNIA 28779
SECUNIA 28801
SECUNIA 28918
SECUNIA 28956
SECUNIA 28955
SECUNIA 28989
SECUNIA 29141
SECUNIA 29307
SECUNIA 29323
SECUNIA 29601
SECUNIA 31393
SREASON 3608