public marks

PUBLIC MARKS from tadeufilippini with tags mplayer & "linux movie player"

23 August 2007 23:45

MPlayer - The Movie Player

A stack overflow was found and reported by Stefan Cornelius of Secunia Research in the code used to handle cddb queries. Two other similar issues were found by Reimar Döffinger while fixing the issue. The vulnerability is identified with CVE-2007-2948 and SAID 24302. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayer.