mplayer

• Author: voroskoi
• Vulnerable: 1.0rc1-4terminus2
• Unaffected: 1.0rc1-4terminus3

Secunia Research has discovered some vulnerabilities in MPlayer, which can be exploited by malicious people to compromise a user’s system.

1. A boundary error within the “cddb_query_parse()” function in stream/stream_cddb.c when parsing album titles can be exploited to cause a stack-based buffer overflow by tricking a user into parsing malicious CDDB entries via overly long album titles. Successful exploitation allows execution of arbitrary code.
2. Boundary errors within the “cddb_parse_matches_list()” and “cddb_read_parse()” functions in stream/stream_cddb.c when parsing album and category titles can be exploited to cause stack-based buffer overflows by tricking a user into parsing malicious CDDB entries with overly long album or category titles. Successful exploitation allows execution of arbitrary code, but may require that the user connects to a malicious server.

• Bug Tracker URL: http://bugs.frugalware.org/task/2131

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2948