• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities

Severity: HIGH

Description:

MPlayer is a multimedia audio/video application. It is freely available for UNIX and variants and for Microsoft Windows.

MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed video files. These issues occur because the application fails to perform proper bounds-checking on user-supplied data prior to copying it to an insufficiently sized memory buffer.

These issues present themselves when malformed album and category titles are processed by the 'cddb_query_parse()' and 'cddb_parse_matches_list()' functions in the 'stream/stream_cddb.c' source file. A length parameter from the source file is directly used in memory copy operations without proper bounds-checking. This may allow attacker-supplied data to be copied into adjacent memory locations, facilitating the execution of arbitrary code.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to this issue; previous versions may also be affected.

Affected Products:

• Debian Linux 4.0
• Debian Linux 4.0 alpha
• Debian Linux 4.0 amd64
• Debian Linux 4.0 arm
• Debian Linux 4.0 hppa
• Debian Linux 4.0 ia-32
• Debian Linux 4.0 ia-64
• Debian Linux 4.0 m68k
• Debian Linux 4.0 mips
• Debian Linux 4.0 mipsel
• Debian Linux 4.0 powerpc
• Debian Linux 4.0 s/390
• Debian Linux 4.0 sparc
• Gentoo Linux
• MPlayer MPlayer 1.0
• MPlayer MPlayer 1.0 -rc1
• MandrakeSoft Corporate Server 3.0.0
• MandrakeSoft Corporate Server 3.0.0 x86_64
• MandrakeSoft Linux Mandrake 2007.0
• MandrakeSoft Linux Mandrake 2007.0 x86_64
• MandrakeSoft Linux Mandrake 2007.1
• MandrakeSoft Linux Mandrake 2007.1 x86_64
• S.u.S.E. Linux Desktop 1.0.0

References:

• MPlayer: Diff of /trunk/stream/stream_cddb.c
• MPlayer: MPlayer Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.