FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5616

This CVE name corresponds to:

Entered Topic
2008-12-30 mplayer -- twinvq processing buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-5616
Phase Assigned(20081216)

Description

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

References

Source Reference
BUGTRAQ 20081214 [TKADV2008-014] MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability
MISC http://trapkit.de/advisories/TKADV2008-014.txt
CONFIRM http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150
CONFIRM http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150
DEBIAN DSA-1782
MANDRIVA MDVSA-2009:013
MANDRIVA MDVSA-2009:014
BID 32822
SECUNIA 33136
SECUNIA 34845