FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3827

This CVE name corresponds to:

Entered Topic
2008-10-01 mplayer -- multiple integer overflows

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-3827
Phase Assigned (20080827)

Description

Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

References

Source Reference
BUGTRAQ 20080929 [oCERT-2008-013] MPlayer Real demuxer heap overflow
MISC http://www.ocert.org/advisories/ocert-2008-013.html
CONFIRM http://svn.mplayerhq.hu/mplayer/trunk/libmpdemux/demux_real.c?r1=27314&r2=27675
DEBIAN DSA-1644
MANDRIVA MDVSA-2008:219
BID 31473
VUPEN ADV-2008-2703
SECTRACK 1020952
SECUNIA 32153
SECUNIA 32045
SREASON 4326