CVE-2008-0486
Publication date 5 February 2008
Last updated 24 July 2024
Ubuntu priority
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Status
Package | Ubuntu Release | Status |
---|---|---|
mplayer | 8.04 LTS hardy |
Fixed 2:1.0~rc2-0ubuntu9
|
7.10 gutsy |
Fixed 2:1.0~rc1-0ubuntu13.2
|
|
7.04 feisty |
Fixed 2:1.0~rc1-0ubuntu9.3
|
|
6.10 edgy |
Fixed 2:0.99+1.0pre8-0ubuntu8.2
|
|
6.06 LTS dapper |
Not affected
|
|
xine-lib | 8.04 LTS hardy |
Not affected
|
7.10 gutsy |
Fixed 1.1.7-1ubuntu1.3
|
|
7.04 feisty |
Fixed 1.1.4-2ubuntu3.1
|
|
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper |
Not affected
|
Notes
Patch details
Package | Patch details |
---|---|
mplayer | |
xine-lib |