Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningCommunity - new!Blog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > MPlayer Multiple Vulnerabilities
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
MPlayer Multiple Vulnerabilities
Secunia Advisory: SA13508
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2004-12-17
Last Update: 2004-12-22
Popularity: 13,558 views

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:MPlayer 1.x
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-1285
CVE-2004-1309
CVE-2004-1310
CVE-2004-1311
Description:
Multiple vulnerabilities have been reported in MPlayer, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow in the "real_setup_and_get_header()" function when processing RTSP streams can be exploited to cause a heap-based buffer overflow by passing an extremely large "Content-Length" for a stream.

2) Boundary errors in some functions within the MMST streaming code can be exploited to cause stack-based buffer overflows via a specially crafted files.

3) A boundary error in the "demux_open_bmp()" function when parsing bitmaps can be exploited to cause a heap-based buffer overflow via a specially crafted bitmap image containing an overly large value in the "biClrUsed" field.

4) An unspecified boundary error within the PNM streaming code can be exploited to cause a heap-based buffer overflow.

5) An unspecified boundary error within mp3lib can be exploited to cause a buffer overflow.

The vulnerabilities have been reported in version 1.0pre5 and the CVS version. Prior versions may also be affected.

Solution:
The vulnerabilities have been fixed in version 1.0pre5try2.
http://mplayerhq.hu/homepage/design7/dload.html

Provided and/or discovered by:
1-3) Discovered by anonymous person and reported via iDEFENSE.
2) Ariel Berkman
4+5) Reported by vendor.

Changelog:
2004-12-22: Added CVE references.

Original Advisory:
MPlayer:
http://mplayerhq.hu/pipermail/mplayer-announce/2004-December/000055.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=166&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=167&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=168&type=vulnerabilities

Ariel Berkman:
http://tigger.uic.edu/~jlongs2/holes/mplayer.txt

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 33
New vulnerabilities: 55
Updated advisories: 56

Moderately // 148 views
RakhiSoftware Shopping Cart Multiple Vulnerabilities
Moderately // 153 views
Lito Lite CMS "cid" SQL Injection Vulnerability
Moderately // 157 views
Basic PHP CMS "id" SQL Injection Vulnerability
Less // 290 views
Microsoft Office Communications Server SIP INVITE Denial of Service
Moderately // 166 views
Bluo CMS "id" SQL Injection Vulnerability
Moderately // 189 views
Active eWebquiz "useremail" and "password" SQL Injection Vulnerabilities
Highly // 179 views
Minimal Ablog Multiple Vulnerabilities
Moderately // 188 views
Active Newsletter "email" and "password" SQL Injection Vulnerabilities
Moderately // 183 views
Ocean12 FAQ Manager Pro "ID" SQL Injection Vulnerability
Moderately // 202 views
Active Photo Gallery "username" and "password" SQL Injection

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 114 views
2. VLC Media Player Real Demuxer Integer Overflow Vulnerability // 78 views
3. Microsoft Office Communications Server SIP INVITE Denial of Service // 66 views
4. Adobe Flash Player Multiple Security Issues and Vulnerabilities // 50 views
5. Mozilla Firefox 3 Multiple Vulnerabilities // 42 views
6. Lito Lite CMS "cid" SQL Injection Vulnerability // 38 views
7. Active eWebquiz "useremail" and "password" SQL Injection Vulnerabilities // 35 views
8. Basic PHP CMS "id" SQL Injection Vulnerability // 35 views
9. Active Photo Gallery "username" and "password" SQL Injection // 33 views
10. RakhiSoftware Shopping Cart Multiple Vulnerabilities // 33 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008