FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3162

This CVE name corresponds to:

Entered Topic
2009-01-15 mplayer -- vulnerability in STR files processor

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3162 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3162
Phase Assigned(20080714)

Description

Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.

References

Source Reference
MLIST [oss-security] 20080710 CVE id request: libavformat
MLIST [oss-security] 20080716 Re: CVE id request: libavformat
CONFIRM http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993
CONFIRM https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489965
DEBIAN DSA-1781
GENTOO GLSA-200903-33
MANDRIVA MDVSA-2008:157
UBUNTU USN-630-1
BID 30154
SECUNIA 34385
SECUNIA 34905
VUPEN ADV-2008-2031
SECUNIA 30994
SECUNIA 31268

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.