Ubuntu
mplayer package

CVE-2008-0629 buffer overflow via crafted cddb title

Bug #191412 reported by Laurent Bigonville on 2008-02-13

This bug report is a duplicate of: Bug #191488: [mplayer] [DSA-1496-1] several buffer overflows. Edit Remove

254

Affects		Status	Importance	Assigned to	Milestone
	mplayer (Debian)	Fix Released	Unknown	debbugs #464533
	mplayer (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: mplayer

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mplayer.

CVE-2008-0629[0]:
| Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before
| r25824 allows remote user-assisted attackers to execute arbitrary code
| via a CDDB database entry containing a long album title.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

A fix for this can be found on:
http://svn.mplayerhq.hu/mplayer/trunk/stream/stream_cddb.c?r1=25820&r2=25824

CVE References

2008-0629

Bug Watch Updater (bug-watch-updater) on 2008-02-13

Changed in mplayer:
status:	Unknown → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #191488 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #464533
[done grave patch security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntumplayer package