Launchpad.net

CVE 2008-0630

Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.

Related bugs and status

CVE-2008-0630 (Candidate) is related to these bugs:

Bug #73271: flv audio lag

Summary				In	Importance	Status
	73271	flv audio lag		mplayer (Ubuntu)	Medium	Fix Released

Bug #74282: Altivec detection broken on G3 (multiple packages)

		In	Importance	Status
74282	Altivec detection broken on G3 (multiple packages)	ffmpeg (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Debian)	Unknown	Fix Released

Bug #191410: CVE-2008-0630 buffer overflow via crafted url

Summary				In	Importance	Status
	191410	CVE-2008-0630 buffer overflow via crafted url		mplayer (Ubuntu)	High	New
	191410	CVE-2008-0630 buffer overflow via crafted url		mplayer (Debian)	Unknown	Fix Released

Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows

		In	Importance	Status
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Feisty)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Gutsy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Hardy)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Dapper)	High	Fix Released
191488	[mplayer] [DSA-1496-1] several buffer overflows	mplayer (Ubuntu Edgy)	High	Fix Released

Bug #243453: Please Upgrade Mplayer

Summary				In	Importance	Status
	243453	Please Upgrade Mplayer		mplayer (Ubuntu)	Wishlist	Fix Released
	243453	Please Upgrade Mplayer		Medibuntu	Undecided	Invalid

Bug #246675: mplayer doesn't start immediately

Summary				In	Importance	Status
	246675	mplayer doesn't start immediately		mplayer (Ubuntu)	Undecided	Fix Released

Bug #260918: needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")

		In	Importance	Status
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Debian)	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu Intrepid)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Fedora)	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Ekiga	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kopete	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	VLC media player	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Medibuntu	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	GStreamer	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Cheese	Critical	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Wine	Medium	Confirmed
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	OpenCV	Unknown	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kdenlive	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu)	High	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Lucid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Mozilla Firefox	Medium	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Adobe Flash Plugin Tools	Undecided	Won't Fix

Bug #308939: CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files

Summary				In	Importance	Status
	308939	CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files		mplayer (Ubuntu)	Undecided	Fix Released

Bug #336697: Sync with MPlayer SVN as recommended by countless MPlayer devs

Summary				In	Importance	Status
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		mplayer (Ubuntu)	Undecided	Fix Released
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		MPlayer	Undecided	Invalid

Bug #347021: mplayer can't play some recent flv video

Summary				In	Importance	Status
	347021	mplayer can't play some recent flv video		mplayer (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mplayerhq.h...
DEBIAN: DSA-1496
BID: 27766
SECUNIA: 28956
MANDRIVA: MDVSA-2008:045
SECUNIA: 28955
GENTOO: GLSA-200803-16
SECUNIA: 29307