Details of VAR-200709-0172

ID

VAR-200709-0172

CVE

CVE-2007-4938

TITLE

MPlayer AVIHeader.C Heap Based Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 25648 // CNNVD: CNNVD-200709-234

DESCRIPTION

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions. MPlayer 1.0rc1 is vulnerable; other versions may also be affected. NOTE: The vendor states that this issue is present only on operating systems with a 'calloc' implementation that is prone to an integer-overflow issue. There is a heap buffer overflow in libmpdemux/aviheader.c in MPlayer. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm Mandriva Linux 2007.1: 1f9dba71ed8296072bbb29a276b24349 2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm b679aa7cfb01a9173539045c7ae06a42 2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm 518690338f0b044e2e591f9cc49c3eab 2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm 54a46f319a936e2e94c833385dc01b92 2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm bd9470eb57ee6ced6a9e3358d8d47484 2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: af0ee01741af03a7a75b6a5289dbca9d 2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 0e7e5f18937ebd4a050a683da5116e3e 2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 4eeb75257e99b553e90b2c767fce6903 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 2604e564242de95388b4e543624db4dc 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHAV4CmqjQ0CJFipgRAhrhAKC9bfRHlSG6+oVGztLTNtG5AfVqgACg21JC obuu0r4eZMhQuLCVAh4l7Ms= =WAef -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Mandriva update for mplayer SECUNIA ADVISORY ID: SA27016 VERIFY ADVISORY: http://secunia.com/advisories/27016/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Mandriva Linux 2007 http://secunia.com/product/12165/ DESCRIPTION: Mandriva has issued an update for mplayer. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. For more information: SA19418 SOLUTION: Apply updated packages. Mandriva Linux 2007 664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm Mandriva Linux 2007/X86_64 a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2007:192 OTHER REFERENCES: SA19418: http://secunia.com/advisories/19418/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2007-4938 // JVNDB: JVNDB-2007-004396 // BID: 25648 // VULHUB: VHN-28300 // PACKETSTORM: 59748 // PACKETSTORM: 59739

AFFECTED PRODUCTS

vendor:	mplayer	model:	mplayer	scope:	eq	version:	1.0_rc1	Trust: 1.0
vendor:	sgi	model:	irix	scope:	eq	version:	*	Trust: 1.0
vendor:	mplayer	model:	mplayer	scope:	lte	version:	1.0rc1	Trust: 0.8
vendor:	sgi	model:	irix	scope:	eq	version:	6.5	Trust: 0.8
vendor:	microsoft	model:	windows me	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows nt	scope:	eq	version:	4.0	Trust: 0.6
vendor:	microsoft	model:	windows 98	scope:	-	version:	-	Trust: 0.6
vendor:	microsoft	model:	windows xp	scope:	-	version:	-	Trust: 0.6
vendor:	mplayer	model:	-rc1	scope:	eq	version:	1.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3

sources: BID: 25648 // JVNDB: JVNDB-2007-004396 // CNNVD: CNNVD-200709-234 // NVD: CVE-2007-4938

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4938
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-4938
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200709-234
value:	HIGH
Trust: 0.6
VULHUB:	VHN-28300
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-4938
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28300
severity:	HIGH
baseScore:	7.6
vectorString:	AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28300 // JVNDB: JVNDB-2007-004396 // CNNVD: CNNVD-200709-234 // NVD: CVE-2007-4938

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-28300 // JVNDB: JVNDB-2007-004396 // NVD: CVE-2007-4938

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 59748 // CNNVD: CNNVD-200709-234

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200709-234

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004396

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28300

PATCH

title:	Top Page	url:	http://www.mplayerhq.hu/design7/news.html	Trust: 0.8
title:	Top Page	url:	http://www.sgi.com/	Trust: 0.8

sources: JVNDB: JVNDB-2007-004396

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4938	Trust: 2.9
db:	BID	id:	25648	Trust: 2.0
db:	SECUNIA	id:	27016	Trust: 1.8
db:	OSVDB	id:	45940	Trust: 1.7
db:	SREASON	id:	3144	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-004396	Trust: 0.8
db:	XF	id:	36581	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2007:192	Trust: 0.6
db:	BUGTRAQ	id:	20070912 CAL-20070912-1 MULTIPLE VENDOR PRODUCE HANDLING AVI FILE VULNERABILITIES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-234	Trust: 0.6
db:	PACKETSTORM	id:	59748	Trust: 0.2
db:	EXPLOIT-DB	id:	30578	Trust: 0.1
db:	VULHUB	id:	VHN-28300	Trust: 0.1
db:	PACKETSTORM	id:	59739	Trust: 0.1

sources: VULHUB: VHN-28300 // BID: 25648 // JVNDB: JVNDB-2007-004396 // PACKETSTORM: 59748 // PACKETSTORM: 59739 // CNNVD: CNNVD-200709-234 // NVD: CVE-2007-4938

REFERENCES

url:	http://www.mandriva.com/security/advisories?name=mdksa-2007:192	Trust: 1.8
url:	http://www.securityfocus.com/bid/25648	Trust: 1.7
url:	http://www.vulnhunt.com/advisories/cal-20070912-1_multiple_vendor_produce_handling_avi_file_vulnerabilities.txt	Trust: 1.7
url:	http://osvdb.org/45940	Trust: 1.7
url:	http://secunia.com/advisories/27016	Trust: 1.7
url:	http://securityreason.com/securityalert/3144	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/479222/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36581	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4938	Trust: 0.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4938	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/36581	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/479222/100/0/threaded	Trust: 0.6
url:	http://www.mplayerhq.hu/	Trust: 0.3
url:	http://svn.mplayerhq.hu/mplayer?diff_format=u&view=rev&revision=24447	Trust: 0.3
url:	/archive/1/479222	Trust: 0.3
url:	http://www.mandriva.com/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4938	Trust: 0.1
url:	http://www.mandriva.com/security/advisories	Trust: 0.1
url:	http://secunia.com/advisories/27016/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/product/12165/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19418/	Trust: 0.1

sources: VULHUB: VHN-28300 // BID: 25648 // JVNDB: JVNDB-2007-004396 // PACKETSTORM: 59748 // PACKETSTORM: 59739 // CNNVD: CNNVD-200709-234 // NVD: CVE-2007-4938

CREDITS

Code Audit Labs is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 25648 // CNNVD: CNNVD-200709-234

SOURCES

db:	VULHUB	id:	VHN-28300
db:	BID	id:	25648
db:	JVNDB	id:	JVNDB-2007-004396
db:	PACKETSTORM	id:	59748
db:	PACKETSTORM	id:	59739
db:	CNNVD	id:	CNNVD-200709-234
db:	NVD	id:	CVE-2007-4938

LAST UPDATE DATE

2024-11-23T22:03:50.272000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28300	date:	2018-10-15T00:00:00
db:	BID	id:	25648	date:	2007-10-02T17:29:00
db:	JVNDB	id:	JVNDB-2007-004396	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200709-234	date:	2007-10-03T00:00:00
db:	NVD	id:	CVE-2007-4938	date:	2024-11-21T00:36:46.050

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28300	date:	2007-09-18T00:00:00
db:	BID	id:	25648	date:	2007-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-004396	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	59748	date:	2007-10-03T00:17:52
db:	PACKETSTORM	id:	59739	date:	2007-10-03T00:05:02
db:	CNNVD	id:	CNNVD-200709-234	date:	2007-09-18T00:00:00
db:	NVD	id:	CVE-2007-4938	date:	2007-09-18T19:17:00