FreeBSD : mplayer -- DMO File Parsing Buffer Overflow Vulnerability (abeb9b64-ce50-11db-bc24-0016179b2dd5)

high Nessus Plugin ID 24798

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

'Moritz Jodeit reports :

There's an exploitable buffer overflow in the current version of MPlayer (v1.0rc1) which can be exploited with a maliciously crafted video file. It is hidden in the DMO_VideoDecoder() function of `loader/dmo/DMO_VideoDecoder.c' file.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ab96995f

Plugin Details

Severity: High

ID: 24798

File Name: freebsd_pkg_abeb9b64ce5011dbbc240016179b2dd5.nasl

Version: 1.15

Type: local

Published: 3/12/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mplayer, p-cpe:/a:freebsd:freebsd:mplayer-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk, p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk2, p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 3/9/2007

Vulnerability Publication Date: 2/11/2007

Reference Information

CVE: CVE-2007-1246

BID: 22771

CWE: 119