oss-sec mailing list archives

CVE request: crashers / potential security risks in mplayer

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 7 Oct 2008 12:50:41 +0200

Seems we're still not done with the zzuf stuff Sam Hocevar released ages ago.
Original source:
http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities

Please assign some CVEs for mplayer:

Crasher in aac parser, samples:
http://sam.zoy.org/zzuf/lol-mplayer.aac
http://sam.zoy.org/zzuf/lol-vlc.aac
http://sam.zoy.org/zzuf/lol-mplayer.aac

Crasher in ogg parser, samples:
http://sam.zoy.org/zzuf/lol-mplayer.ogm
http://sam.zoy.org/zzuf/lol-ffplay.ogm



-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://freiheitstattangst.de/ - 11.10. Berlin gegen Überwachung
http://x1000malquer.de/ - ab 8.11. Atomtransporte stoppen

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: crashers / potential security risks in mplayer Hanno Böck (Oct 07)
- Re: CVE request: crashers / potential security risks in mplayer Steven M. Christey (Oct 20)