aru Posted April 8, 2006 Report Share Posted April 8, 2006 Mandriva Advisories MDKSA-2006:068 : mplayer Updated mplayer packages fix integer overflow vulnerabilities April 7th, 2006 Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem. The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:068 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts