18 lines
No EOL
825 B
Text
18 lines
No EOL
825 B
Text
source: https://www.securityfocus.com/bid/25648/info
|
|
|
|
MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data.
|
|
|
|
Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions.
|
|
|
|
MPlayer 1.0rc1 is vulnerable; other versions may also be affected.
|
|
|
|
NOTE: The vendor states that this issue is present only on operating systems with a 'calloc' implementation that is prone to an integer-overflow issue.
|
|
|
|
The following proof-of-concept AVI header data is available:
|
|
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10
|
|
|
|
indx truck size 0xffffff00
|
|
wLongsPerEntry 0x0001
|
|
BIndexSubType is 0x64
|
|
bIndexType is 0x73
|
|
nEntriesInuse is 0x10000020 |