Launchpad.net

CVE 2008-5616

Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.

Related bugs and status

CVE-2008-5616 (Candidate) is related to these bugs:

Bug #73271: flv audio lag

Summary				In	Importance	Status
	73271	flv audio lag		mplayer (Ubuntu)	Medium	Fix Released

Bug #74282: Altivec detection broken on G3 (multiple packages)

		In	Importance	Status
74282	Altivec detection broken on G3 (multiple packages)	ffmpeg (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Ubuntu)	Undecided	Fix Released
74282	Altivec detection broken on G3 (multiple packages)	mplayer (Debian)	Unknown	Fix Released

Bug #243453: Please Upgrade Mplayer

Summary				In	Importance	Status
	243453	Please Upgrade Mplayer		mplayer (Ubuntu)	Wishlist	Fix Released
	243453	Please Upgrade Mplayer		Medibuntu	Undecided	Invalid

Bug #246675: mplayer doesn't start immediately

Summary				In	Importance	Status
	246675	mplayer doesn't start immediately		mplayer (Ubuntu)	Undecided	Fix Released

Bug #260918: needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")

		In	Importance	Status
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Debian)	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	libv4l (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camorama (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	vlc (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	mplayer (Ubuntu Intrepid)	Undecided	Won't Fix
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	amsn (Ubuntu Intrepid)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	came (Ubuntu Intrepid)	High	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu)	Undecided	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	camstream (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good0.10 (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	pwlib (Fedora)	Low	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	xawtv (Fedora)	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Ekiga	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	gst-plugins-good	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	ekiga (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kopete	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	VLC media player	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Medibuntu	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	GStreamer	Medium	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Cheese	Critical	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Wine	Medium	Confirmed
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	OpenCV	Unknown	Unknown
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Kdenlive	Unknown	Fix Released
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu)	High	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Intrepid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	cheese (Ubuntu Lucid)	Undecided	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Mozilla Firefox	Medium	Invalid
260918	needed: libv4l and associated application patches (or "gspca stopped working in 2.6.27")	Adobe Flash Plugin Tools	Undecided	Won't Fix

Bug #308939: CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files

Summary				In	Importance	Status
	308939	CVE-2008-5616: mplayer buffer overflow which can be triggered using specially crafted TwinVQ files		mplayer (Ubuntu)	Undecided	Fix Released

Bug #336697: Sync with MPlayer SVN as recommended by countless MPlayer devs

Summary				In	Importance	Status
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		mplayer (Ubuntu)	Undecided	Fix Released
	336697	Sync with MPlayer SVN as recommended by countless MPlayer devs		MPlayer	Undecided	Invalid

Bug #347021: mplayer can't play some recent flv video

Summary				In	Importance	Status
	347021	mplayer can't play some recent flv video		mplayer (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://trapkit.de/advi...
BID: 32822
SECUNIA: 33136
MANDRIVA: MDVSA-2009:013
MANDRIVA: MDVSA-2009:014
DEBIAN: DSA-1782
SECUNIA: 34845
CONFIRM: http://svn.mplayerhq.h...
CONFIRM: http://svn.mplayerhq.h...
BUGTRAQ: 20081214 [TKADV2008-01...