oss-sec mailing list archives
Re: CVE request: mplayer
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 19:59:56 -0500 (EST)
Sorry for being so long to answer everything, I was on travel and the CVE team is re-analyzing our process so that we can be more responsive and stable in the longer term. - Steve ====================================================== Name: CVE-2008-5616 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616 Reference: MISC:http://trapkit.de/advisories/TKADV2008-014.txt Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150 Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150 Reference: BID:32822 Reference: URL:http://www.securityfocus.com/bid/32822 Reference: SECUNIA:33136 Reference: URL:http://secunia.com/advisories/33136 Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Current thread:
- CVE request: mplayer Steve Kemp (Dec 16)
- Re: CVE request: mplayer Steven M. Christey (Dec 16)