[CVE-2009-0385] arbitrary code execution via NULL pointer dereference

Bug #731625 reported by Firas Kraïem
Affects | Status | Importance | Assigned to | Milestone
mplayer (Ubuntu) | Invalid | Undecided | Unassigned |
Hardy | Fix Released | Low | Firas Kraïem |

Bug Description

Binary package hint: mplayer

Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers
to execute arbitrary code via a malformed 4X movie file with a large
current_track value, which triggers a NULL pointer dereference.

Only Hardy is affected.
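
Added illustration (not part of the report, and not FFmpeg's or the debdiff's code): a simplified C model of the bug class the description names, where a 32-bit index read from the file is held as a signed value, so a large value skips the table-growth check while the table pointer is still NULL. The struct and function names, the MAX_TRACKS limit and the sample bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical track table modelled on the description; not FFmpeg code. */
typedef struct { int channels; } Track;
typedef struct { Track *tracks; int track_count; } Demux;
#define MAX_TRACKS 64u /* assumed policy limit for this example */

/* Read a little-endian 32-bit field from untrusted file bytes. */
static uint32_t rl32(const uint8_t *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: the index is stored signed, so a raw value >= 0x80000000
 * turns negative and never looks "past the end". Returns 1 if the table
 * would be grown, 0 if growth is skipped (table may still be NULL). */
static int flawed_would_grow(const Demux *d, const uint8_t *field) {
    int32_t idx = (int32_t)rl32(field); /* signedness error */
    return idx >= d->track_count;
}

/* Hardened pattern: keep the value unsigned and bound it before any
 * arithmetic or allocation. Returns 0 and sets *out, or -1 on rejection. */
static int select_track(Demux *d, const uint8_t *field, Track **out) {
    uint32_t idx = rl32(field);
    if (idx >= MAX_TRACKS) return -1;
    if ((int)idx >= d->track_count) {
        Track *t = realloc(d->tracks, (idx + 1) * sizeof(*t));
        if (!t) return -1;
        for (uint32_t i = (uint32_t)d->track_count; i <= idx; i++)
            t[i].channels = 0; /* initialise newly added slots */
        d->tracks = t;
        d->track_count = (int)idx + 1;
    }
    *out = &d->tracks[idx];
    return 0;
}

int main(void) {
    const uint8_t bad[4] = {0x00, 0x00, 0x00, 0x80};  /* constructed: 0x80000000 */
    const uint8_t good[4] = {0x02, 0x00, 0x00, 0x00}; /* constructed: track 2 */
    Demux d = {NULL, 0};
    Track *t = NULL;
    printf("flawed check grows table for 0x80000000: %d\n", flawed_would_grow(&d, bad));
    printf("hardened result for 0x80000000: %d\n", select_track(&d, bad, &t));
    printf("hardened result for track 2: %d\n", select_track(&d, good, &t));
    free(d.tracks);
    return 0;
}
```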

Firas Kraïem (firas) wrote :

Attached debdiff fixes the issue (patch copied from the ffmpeg package).

visibility: private → public
Kees Cook (kees) wrote :

Thanks! This patch looks fine. :)

Changed in mplayer (Ubuntu):
status: New → In Progress
Changed in mplayer (Ubuntu Hardy):
status: New → In Progress
Changed in mplayer (Ubuntu):
status: In Progress → New
Changed in mplayer (Ubuntu Hardy):
assignee: nobody → Firas Kraïem (firas)
Changed in mplayer (Ubuntu):
status: New → Invalid
Changed in mplayer (Ubuntu Hardy):
importance: Undecided → Low
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mplayer - 2:1.0~rc2-0ubuntu13.2

---------------
mplayer (2:1.0~rc2-0ubuntu13.2) hardy-security; urgency=low

  * SECURITY UPDATE: Integer signedness error in the fourxm_read_header
    function in libavformat/4xm.c in FFmpeg before revision 16846 allows
    remote attackers to execute arbitrary code via a malformed 4X movie
    file with a large current_track value, which triggers a NULL pointer
    dereference. (LP: #731625)
    - libavformat/4xm.c - patch from ffmpeg package in hardy-security
    - References:
      + CVE-2009-0385
 -- Firas Kraiem <email address hidden> Tue, 08 Mar 2011 22:53:14 +0100

Changed in mplayer (Ubuntu Hardy):
status: Fix Committed → Fix Released
Reinhard Tartler (siretart) wrote :

Have you verified that the file is actually used during compilation?

While the mplayer package ships a private copy of libavformat, the Ubuntu package is configured to use the system libavformat library.

Firas Kraïem (firas) wrote :

Yes, the file is used, see lines 3358 and 6716 of attached build log.
