Date: Tue, 16 Dec 2008 19:59:56 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: Steven Christey <coley@...us.mitre.org> Subject: Re: CVE request: mplayer Sorry for being so long to answer everything, I was on travel and the CVE team is re-analyzing our process so that we can be more responsive and stable in the longer term. - Steve ====================================================== Name: CVE-2008-5616 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5616 Reference: MISC:http://trapkit.de/advisories/TKADV2008-014.txt Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?r1=24723&r2=28150&pathrev=28150 Reference: CONFIRM:http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=log&pathrev=28150#rev28150 Reference: BID:32822 Reference: URL:http://www.securityfocus.com/bid/32822 Reference: SECUNIA:33136 Reference: URL:http://secunia.com/advisories/33136 Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.