PT-2008-2115 · Mplayer Team+1 · Libmpdemux+2

Tomas Hoger

Published

2008-02-05

Updated

2018-10-15

CVE-2008-0486

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MPlayer versions prior to 1.0rc2 and SVN versions prior to r25917 Xine-lib version 1.1.10

Description The issue is related to an array index vulnerability in the demux audio.c file of the libmpdemux module. This vulnerability might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.

Recommendations For MPlayer versions prior to 1.0rc2 and SVN versions prior to r25917, update to a version that includes the fix for this issue. For Xine-lib version 1.1.10, consider disabling the use of FLAC tags until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2008-0486

DSA-1496-1

DSA-1536-1

DTSA-114-1

Affected Products

Mplayer

Xine-Lib

Libmpdemux

PT-2008-2115 · Mplayer Team+1 · Libmpdemux+2

CVE-2008-0486

Weakness Enumeration

Related Identifiers

Affected Products

References · 37