Bug 24299

Summary: CVE-2010-3429: arbitrary offset dereference vulnerability in flic video codec
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: mplayer
Assignee: Vladimir D. Seleznev <vseleznv>
Status: CLOSED FIXED
QA Contact: qa-sisyphus
Severity: blocker
Priority: P3
CC: ender, led, placeholder, rider, vseleznv
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://www.ocert.org/advisories/ocert-2010-004.html

Description Vladimir Lettiev 2010-10-14 10:38:54 MSD
Since %def_disable shared_ffmpeg is used in mplayer.spec, mplayer uses the embedded version of libavcodec.

+++ This bug was created as a clone of bug 24298 +++

The vulnerability affects the flic file format parser; insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability.

The MPlayer multimedia player is also affected as it statically includes libavcodec; the flic codec can be disabled in the codecs.conf configuration file in order to work around the issue.

fixed in mplayer >= snapshot 2010-09-28

http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b
Comment 1 Afanasov Dmitry 2010-11-06 12:25:46 MSK
fixed in 1.0-alt35.32566.1