[MPlayer-DOCS] [homepage]: r2955 - trunk/src/news.src.en
Corey Hickey
bugfood-ml at fatooh.org
Tue Jun 5 23:33:12 CEST 2007
rtogni wrote:
> +A stack overflow was found and reported by Stefan Cornelius of Secunia
> +Researchin in the code used to handle cddb queries. Two other similar issues
typo ^^
> +were found by Reimar Döffinger while fixing the issue. The vulnerability is
> +identified with CVE-2007-2948 and
> +<a href="http://secunia.com/advisories/24302/">SAID 24302</a>.
> +</p>
> +
> +<p>
> +When copying the album title and category, no checking was performed on the size
> +of the strings before storing them in a fixed-size array. A malicious entry in
> +the database could trigger a stack overflow in the program, leading to arbitrary
> +code execution with the uid of the user running MPlayer.
> +</p>
> +
> +<h3>Severity</h3>
> +
> +<p>
> +High (arbitrary remote code execution under the user ID running the player)
> +when getting disk information from a malicious cddb entry, null if you do not
> +use this feature. Please note that is possible to overwrite entries in the cddb
"it is" ^^
> +database, so an attack can be performed also via a non-compromised server.
I think it is more correct to say, "an attack can also be performed via
a non-compromised server."
-Corey
More information about the MPlayer-DOCS
mailing list