Vulnerability Description
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mplayer | Mplayer | <= 1.0_rc1 |
Related Weaknesses (CWE)
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html
- http://secunia.com/advisories/24443Vendor Advisory
- http://secunia.com/advisories/24444Vendor Advisory
- http://secunia.com/advisories/24446Vendor Advisory
- http://secunia.com/advisories/24448Vendor Advisory
- http://secunia.com/advisories/24462Vendor Advisory
- http://secunia.com/advisories/24866Vendor Advisory
- http://secunia.com/advisories/24897Vendor Advisory
- http://secunia.com/advisories/24995Vendor Advisory
- http://secunia.com/advisories/25462Vendor Advisory
- http://secunia.com/advisories/29601Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200704-09.xml
- http://security.gentoo.org/glsa/glsa-200705-21.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware
- http://svn.mplayerhq.hu/mplayer/trunk/loader/dmo/DMO_VideoDecoder.cPatch
FAQ
What is CVE-2007-1246?
CVE-2007-1246 is a vulnerability with a CVSS score of 7.6 (HIGH). The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remot...
How severe is CVE-2007-1246?
CVE-2007-1246 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1246?
Check the references section above for vendor advisories and patch information. Affected products include: Mplayer Mplayer.