[MPlayer-DOCS] [homepage]: r2955 - trunk/src/news.src.en

Corey Hickey bugfood-ml at fatooh.org
Tue Jun 5 23:33:12 CEST 2007


rtogni wrote:
> +A stack overflow was found and reported by Stefan Cornelius of Secunia
> +Researchin in the code used to handle cddb queries. Two other similar issues

typo       ^^

> +were found by Reimar Döffinger while fixing the issue. The vulnerability is
> +identified with CVE-2007-2948 and
> +<a href="http://secunia.com/advisories/24302/">SAID 24302</a>.
> +</p>
> +
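
Review bot: "The vulnerability is identified with CVE-2007-2948" is singular, but the preceding sentences describe three issues (the one reported by Stefan Cornelius and the two found by Reimar Döffinger), so it is unclear whether the CVE and SAID 24302 cover all three. Suggest stating which issues the identifiers refer to, for example "These issues are identified with ..." if they cover all of them.
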
> +<p>
> +When copying the album title and category, no checking was performed on the size
> +of the strings before storing them in a fixed-size array. A malicious entry in
> +the database could trigger a stack overflow in the program, leading to arbitrary
> +code execution with the uid of the user running MPlayer.
> +</p>
> +
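
Review bot: "stack overflow" in "the database could trigger a stack overflow in the program" is ambiguous. The paragraph describes unchecked strings being stored in a fixed-size array, which is a stack-based buffer overflow rather than stack exhaustion. Suggest "stack-based buffer overflow" here and in the opening sentence, so that the stated impact of arbitrary code execution follows from the wording.
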
> +<h3>Severity</h3>
> +
> +<p>
> +High (arbitrary remote code execution under the user ID running the player)
> +when getting disk information from a malicious cddb entry, null if you do not
> +use this feature. Please note that is possible to overwrite entries in the cddb

"it is"                               ^^

> +database, so an attack can be performed also via a non-compromised server.

I think it is more correct to say, "an attack can also be performed via 
a non-compromised server."

-Corey


