[MPlayer-users] Buffer Overflow in Mplayer v0.91 and prior

D Richard Felker III dalias at aerifal.cx
Sun Aug 31 23:37:39 CEST 2003


On Sun, Aug 31, 2003 at 05:46:17PM -0300, CoKi wrote:
> [Automatic answer: RTFM (read DOCS, FAQ), also read DOCS/bugreports.html]
> -------------------------------------------------
> No System Group - Advisory #2 - 01/09/03
> -------------------------------------------------
> Program:  MPlayer - The Movie Player for Linux 
> Homepage:  http://www.mplayerhq.hu
> Vulnerable Versions: Mplayer v0.91 and prior
> Risk: Low / Medium
> Impact: Stack Buffer Overflow
> -------------------------------------------------
> 
> 
> - DESCRIPTION
> -------------------------------------------------
> MPlayer is a movie player for LINUX (runs on many
> other Unices, and non-x86 CPUs, see the documentation).
> It plays most MPEG, VOB, AVI, OGG/OGM, VIVO, ASF/WMA/WMV,
> QT/MOV/MP4, FLI, RM, NuppelVideo, YUV4MPEG, FILM, RoQ, PVA
> files, supported by many native, XAnim, and Win32 DLL codecs.
> 
> More informations at: http://www.mplayerhq.hu
> 
> 
> - DETAILS
> -------------------------------------------------
> bash-2.05b$ gmplayer `perl -e 'print "A" x 550'`

Umm, this advisory is incredibly stupid. How is it a vulnerability if
you make mplayer (which runs as your uid) crash based on the filename
*you* give it on the command line?!? If this can be done from
playlists, then maybe it's a vulnerability, but this advisory doesn't
even address that.

Rich




More information about the MPlayer-users mailing list