Bug 24299 - CVE-2010-3429: arbitrary offset dereference vulnerability in flic video codec
Summary: CVE-2010-3429: arbitrary offset dereference vulnerability in flic video codec
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: mplayer
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Vladimir D. Seleznev
QA Contact: qa-sisyphus
URL: http://www.ocert.org/advisories/ocert...
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-14 10:38 MSD by Vladimir Lettiev
Modified: 2010-11-06 12:25 MSK

Description Vladimir Lettiev 2010-10-14 10:38:54 MSD
Since %def_disable shared_ffmpeg is used in mplayer.spec, mplayer uses the embedded version of libavcodec.

+++ This bug was initially created as a clone of Bug 24298 +++

The vulnerability affects the flic file format parser; insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability.

The MPlayer multimedia player is also affected as it statically includes libavcodec; the flic codec can be disabled in the codecs.conf configuration file in order to work around the issue.

fixed in mplayer >= snapshot 2010-09-28

http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=16c592155f117ccd7b86006c45aacc692a81c23b
Comment 1 Afanasov Dmitry 2010-11-06 12:25:46 MSK
fixed in 1.0-alt35.32566.1