CVE-2008-0630
Published: 6 February 2008
Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.
Priority
Status
Package | Release | Status |
---|---|---|
mplayer Launchpad, Ubuntu, Debian |
upstream |
Needed
|
dapper |
Released
(2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.2)
|
|
edgy |
Released
(2:0.99+1.0pre8-0ubuntu8.3)
|
|
feisty |
Released
(2:1.0~rc1-0ubuntu9.3)
|
|
gutsy |
Released
(2:1.0~rc1-0ubuntu13.2)
|
|
hardy |
Released
(2:1.0~rc2-0ubuntu9)
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1496 other: https://bugs.launchpad.net/ubuntu/+source/mplayer/+bug/191488 |