PT-2008-2115 · Mplayer Team+1 · Libmpdemux+2

Tomas Hoger

Publicado

2008-02-05

Atualizado

2018-10-15

CVE-2008-0486

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MPlayer versions prior to 1.0rc2 and SVN versions prior to r25917 Xine-lib version 1.1.10

Description The issue is related to an array index vulnerability in the demux audio.c file of the libmpdemux module. This vulnerability might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Recommendations For MPlayer versions prior to 1.0rc2 and SVN versions prior to r25917, update to a version that includes the fix for this issue. For Xine-lib version 1.1.10, consider disabling the use of FLAC tags until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2008-0486

DSA-1496-1

DSA-1536-1

DTSA-114-1

Produtos afetados

Mplayer

Xine-Lib

Libmpdemux

PT-2008-2115 · Mplayer Team+1 · Libmpdemux+2

CVE-2008-0486

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37