CVE-2006-1502 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-1502
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1502

Description: Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25513 http://xforce.iss.net/xforce/xfdb/25514 ST 1015842 SREASON http://securityreason.com/securityalert/532 http://securityreason.com/securityalert/647 SAID Secunia Advisory: SA19418 Secunia Advisory: SA19565 Secunia Advisory: SA19919 OSVDB 24246 24247 MISC http://www.xfocus.org/advisories/200603/11.html MANDRIVA http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:068 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-01.xml FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044615.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/429251/100/0/threaded BID 17295

Return to the previous page.