Debian Bug report logs - #508803
SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability

version graph

Package: mplayer; Maintainer for mplayer is Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for mplayer is src:mplayer.

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Mon, 15 Dec 2008 14:21:02 UTC

Severity: grave

Tags: patch, security

Found in versions mplayer/1.0~rc1-12etch5, mplayer/1.0~rc2-17+lenny1, mplayer/1.0~rc2-18

Fixed in versions mplayer/1.0~rc2-19, 1.0~rc2-17+lenny2

Done: A Mennucc1 <mennucc1@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#508803; Package mplayer. (Mon, 15 Dec 2008 14:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to A Mennucc1 <mennucc1@debian.org>. (Mon, 15 Dec 2008 14:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: submit@bugs.debian.org
Subject: SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
Date: Mon, 15 Dec 2008 15:17:12 +0100
[Message part 1 (text/plain, inline)]
Subject: SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
Package: mplayer
Version: 1.0~rc1-12etch5
Severity: grave
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for mplayer:

SA33136[1]

> Description:
> Tobias Klein has reported a vulnerability in MPlayer, which
> potentially can be exploited by malicious people to compromise a
> user's system.
>
> The vulnerability is caused due to a boundary error within the
> "demux_open_vqf()" function in libmpdemux/demux_vqf.c. This can be
> exploited to cause a stack-based buffer overflow via a specially
> crafted TwinVQ file.
>
> Successful exploitation may allow execution of arbitrary code.
>
> The vulnerability is reported in version 1.0rc2. Other versions may
> also be affected.
>
> Solution:
> Fixed in the SVN repository.
> http://svn.mplayerhq.hu/mplayer/branc...=24723&r2=28150&pathrev=28150
>
> Provided and/or discovered by:
> Tobias Klein
>
> Original Advisory:
> http://trapkit.de/advisories/TKADV2008-014.txt

You can find the patch[2] in the upstream svn repository.

If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.

[1]http://secunia.com/advisories/33136/
[2]http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=patch&r1=24723&r2=28150&pathrev=28150

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Bug marked as found in version 1.0~rc2-17+lenny1. Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Mon, 15 Dec 2008 14:30:05 GMT) Full text and rfc822 format available.

Bug marked as found in version 1.0~rc2-18. Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Mon, 15 Dec 2008 17:57:05 GMT) Full text and rfc822 format available.

Reply sent to A Mennucc1 <mennucc1@debian.org>:
You have taken responsibility. (Mon, 15 Dec 2008 21:45:05 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Mon, 15 Dec 2008 21:45:05 GMT) Full text and rfc822 format available.

Message #14 received at 508803-close@bugs.debian.org (full text, mbox):

From: A Mennucc1 <mennucc1@debian.org>
To: 508803-close@bugs.debian.org
Subject: Bug#508803: fixed in mplayer 1.0~rc2-19
Date: Mon, 15 Dec 2008 21:32:19 +0000
Source: mplayer
Source-Version: 1.0~rc2-19

We believe that the bug you reported is fixed in the latest version of
mplayer, which is due to be installed in the Debian FTP archive:

mplayer-dbg_1.0~rc2-19_amd64.deb
  to pool/main/m/mplayer/mplayer-dbg_1.0~rc2-19_amd64.deb
mplayer-doc_1.0~rc2-19_all.deb
  to pool/main/m/mplayer/mplayer-doc_1.0~rc2-19_all.deb
mplayer_1.0~rc2-19.diff.gz
  to pool/main/m/mplayer/mplayer_1.0~rc2-19.diff.gz
mplayer_1.0~rc2-19.dsc
  to pool/main/m/mplayer/mplayer_1.0~rc2-19.dsc
mplayer_1.0~rc2-19_amd64.deb
  to pool/main/m/mplayer/mplayer_1.0~rc2-19_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 508803@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
A Mennucc1 <mennucc1@debian.org> (supplier of updated mplayer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Dec 2008 21:05:07 +0100
Source: mplayer
Binary: mplayer mplayer-dbg mplayer-doc
Architecture: source all amd64
Version: 1.0~rc2-19
Distribution: unstable
Urgency: high
Maintainer: A Mennucc1 <mennucc1@debian.org>
Changed-By: A Mennucc1 <mennucc1@debian.org>
Description: 
 mplayer    - movie player for Unix-like systems
 mplayer-dbg - debugging symbols for MPlayer
 mplayer-doc - documentation for MPlayer
Closes: 508803
Changes: 
 mplayer (1.0~rc2-19) unstable; urgency=high
 .
   * SA33136: MPlayer TwinVQ Processing Buffer Overflow Vulnerability
     Thanks to T. Klein, G. Iuculano, R. Döffinger  (Closes: #508803).
Checksums-Sha1: 
 8a077de9c86142f18b97c7de01f8055b4077e3ea 2075 mplayer_1.0~rc2-19.dsc
 70c2ec08e5970b7d062e4044f3ec8926e64fc851 358940 mplayer_1.0~rc2-19.diff.gz
 c600df19952345ab587a84a287e9b2986f951fb5 2463224 mplayer-doc_1.0~rc2-19_all.deb
 791ad30871868f1cc130397ad79b8b2e30e1b8bd 3199388 mplayer_1.0~rc2-19_amd64.deb
 db517b59310c12b471c2556756a7bd3881dce1c7 2446554 mplayer-dbg_1.0~rc2-19_amd64.deb
Checksums-Sha256: 
 7628f3f7a2f8936780d02f8ccd051576869e73060035c5c2347ccbf530d4ffff 2075 mplayer_1.0~rc2-19.dsc
 618b201af76985eef9b8d6959a2e13705a7603d6b8d3053da42d3c0da90d94bd 358940 mplayer_1.0~rc2-19.diff.gz
 a5d3fca69c6bc59d452586de3844781280ee6bde6fd85cce39536ace2f24b392 2463224 mplayer-doc_1.0~rc2-19_all.deb
 7918fd4186e30d1c81d17bf0ec74f42f2edc1e4345601c0f3bbe0c4921c1d2f1 3199388 mplayer_1.0~rc2-19_amd64.deb
 5a5e87a450fed758e620a53dc43a5f1bb9266ebfa9060f3dc349978fba624b02 2446554 mplayer-dbg_1.0~rc2-19_amd64.deb
Files: 
 0dc594c4b40e793c5119440656731a41 2075 graphics optional mplayer_1.0~rc2-19.dsc
 8f0297be2a2b0632a39091bd7c4983c3 358940 graphics optional mplayer_1.0~rc2-19.diff.gz
 be328f70d4731aee11df123d618bd67b 2463224 doc optional mplayer-doc_1.0~rc2-19_all.deb
 60e53a646fda47ec623db345a511bcdc 3199388 graphics optional mplayer_1.0~rc2-19_amd64.deb
 4fcf7b7ea080546f6ee62663afd5e294 2446554 graphics extra mplayer-dbg_1.0~rc2-19_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAklGxp8ACgkQ9B/tjjP8QKRlHQCfdLirvwPWVSBGhNvS/2PE2YNf
WrcAnRR2oZ5F20s9LsXav2BSKk+oJg3U
=qfma
-----END PGP SIGNATURE-----





Bug marked as fixed in version 1.0~rc2-17+lenny2. Request was from Neil McGovern <maulkin@halon.org.uk> to control@bugs.debian.org. (Sun, 04 Jan 2009 17:39:03 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:33:53 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:27:51 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.