var-200709-0172
Vulnerability from variot
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions. MPlayer 1.0rc1 is vulnerable; other versions may also be affected. NOTE: The vendor states that this issue is present only on operating systems with a 'calloc' implementation that is prone to an integer-overflow issue. There is a heap buffer overflow in libmpdemux/aviheader.c in MPlayer.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938
Updated Packages:
Mandriva Linux 2007.0: 664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64: a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm
Mandriva Linux 2007.1: 1f9dba71ed8296072bbb29a276b24349 2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm b679aa7cfb01a9173539045c7ae06a42 2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm 518690338f0b044e2e591f9cc49c3eab 2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm 54a46f319a936e2e94c833385dc01b92 2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm bd9470eb57ee6ced6a9e3358d8d47484 2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64: af0ee01741af03a7a75b6a5289dbca9d 2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 0e7e5f18937ebd4a050a683da5116e3e 2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 4eeb75257e99b553e90b2c767fce6903 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 2604e564242de95388b4e543624db4dc 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFHAV4CmqjQ0CJFipgRAhrhAKC9bfRHlSG6+oVGztLTNtG5AfVqgACg21JC obuu0r4eZMhQuLCVAh4l7Ms= =WAef -----END PGP SIGNATURE-----
.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications.
Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/
TITLE: Mandriva update for mplayer
SECUNIA ADVISORY ID: SA27016
VERIFY ADVISORY: http://secunia.com/advisories/27016/
CRITICAL: Moderately critical
IMPACT: DoS, System access
WHERE:
From remote
OPERATING SYSTEM: Mandriva Linux 2007 http://secunia.com/product/12165/
DESCRIPTION: Mandriva has issued an update for mplayer. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
For more information: SA19418
SOLUTION: Apply updated packages.
Mandriva Linux 2007
664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm
ORIGINAL ADVISORY: http://www.mandriva.com/security/advisories?name=MDKSA-2007:192
OTHER REFERENCES: SA19418: http://secunia.com/advisories/19418/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200709-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "irix",
"scope": "eq",
"trust": 1.0,
"vendor": "sgi",
"version": "*"
},
{
"model": "mplayer",
"scope": "eq",
"trust": 1.0,
"vendor": "mplayer",
"version": "1.0_rc1"
},
{
"model": "mplayer",
"scope": "lte",
"trust": 0.8,
"vendor": "mplayer",
"version": "1.0rc1"
},
{
"model": "irix",
"scope": "eq",
"trust": 0.8,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "windows me",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows nt",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "windows 98",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "-rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "mplayer",
"version": "1.0"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2007.0"
}
],
"sources": [
{
"db": "BID",
"id": "25648"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:santa_cruz_operation:sco_unix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:ibm:os2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:hp:tru64:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:windriver:bsdos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mplayer:mplayer:1.0_rc1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4938"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code Audit Labs is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "25648"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
],
"trust": 0.9
},
"cve": "CVE-2007-4938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-4938",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-28300",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-4938",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200709-234",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-28300",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large \"indx truck size\" and nEntriesInuse values, and a certain wLongsPerEntry value. MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data. \nAttackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions. \nMPlayer 1.0rc1 is vulnerable; other versions may also be affected. \nNOTE: The vendor states that this issue is present only on operating systems with a \u0027calloc\u0027 implementation that is prone to an integer-overflow issue. There is a heap buffer overflow in libmpdemux/aviheader.c in MPlayer. \n _______________________________________________________________________\n\n References:\n \n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4938\n _______________________________________________________________________\n \n Updated Packages:\n \n Mandriva Linux 2007.0:\n 664764460655f8fa3ffe837fe1c753c4 2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm\n 92e7649f53c13651062b76f33b093f16 2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm\n ea399734d197db1b88a8706ad9bf855a 2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm\n 9d751d448cf399915dc11233f291bed5 2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm \n c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm\n\n Mandriva Linux 2007.0/X86_64:\n a841c634484003178dbe3edcf04250fb 2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm\n 0c59b24ecd8977087b546ad373b5c556 2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm\n 8a9e6cd4f9b438470a08f770a6f3faca 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm \n c015287479e38ccf22e271b3e97cc3ac 2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm\n\n Mandriva Linux 2007.1:\n 1f9dba71ed8296072bbb29a276b24349 2007.1/i586/libdha1.0-1.0-1.rc1.11.3mdv2007.1.i586.rpm\n b679aa7cfb01a9173539045c7ae06a42 2007.1/i586/mencoder-1.0-1.rc1.11.3mdv2007.1.i586.rpm\n 518690338f0b044e2e591f9cc49c3eab 2007.1/i586/mplayer-1.0-1.rc1.11.3mdv2007.1.i586.rpm\n 54a46f319a936e2e94c833385dc01b92 2007.1/i586/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.i586.rpm\n bd9470eb57ee6ced6a9e3358d8d47484 2007.1/i586/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.i586.rpm \n 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm\n\n Mandriva Linux 2007.1/X86_64:\n af0ee01741af03a7a75b6a5289dbca9d 2007.1/x86_64/mencoder-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm\n 0e7e5f18937ebd4a050a683da5116e3e 2007.1/x86_64/mplayer-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm\n 4eeb75257e99b553e90b2c767fce6903 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm\n 2604e564242de95388b4e543624db4dc 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.3mdv2007.1.x86_64.rpm \n 3e6887feff803bc3a3efe864842e0679 2007.1/SRPMS/mplayer-1.0-1.rc1.11.3mdv2007.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (GNU/Linux)\n\niD8DBQFHAV4CmqjQ0CJFipgRAhrhAKC9bfRHlSG6+oVGztLTNtG5AfVqgACg21JC\nobuu0r4eZMhQuLCVAh4l7Ms=\n=WAef\n-----END PGP SIGNATURE-----\n\n. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\nRequest your account, the Secunia Network Software Inspector (NSI):\nhttp://secunia.com/network_software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nMandriva update for mplayer\n\nSECUNIA ADVISORY ID:\nSA27016\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27016/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMandriva Linux 2007\nhttp://secunia.com/product/12165/\n\nDESCRIPTION:\nMandriva has issued an update for mplayer. This fixes a\nvulnerability, which can be exploited by malicious people to cause a\nDoS (Denial of Service) or potentially compromise a user\u0027s system. \n\nFor more information:\nSA19418\n\nSOLUTION:\nApply updated packages. \n\nMandriva Linux 2007\n\n664764460655f8fa3ffe837fe1c753c4 \n2007.0/i586/libdha1.0-1.0-1.pre8.13.5mdv2007.0.i586.rpm\n92e7649f53c13651062b76f33b093f16 \n2007.0/i586/mencoder-1.0-1.pre8.13.5mdv2007.0.i586.rpm\nea399734d197db1b88a8706ad9bf855a \n2007.0/i586/mplayer-1.0-1.pre8.13.5mdv2007.0.i586.rpm\n9d751d448cf399915dc11233f291bed5 \n2007.0/i586/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.i586.rpm \nc015287479e38ccf22e271b3e97cc3ac \n2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm\n\nMandriva Linux 2007/X86_64\n\na841c634484003178dbe3edcf04250fb \n2007.0/x86_64/mencoder-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm\n0c59b24ecd8977087b546ad373b5c556 \n2007.0/x86_64/mplayer-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm\n8a9e6cd4f9b438470a08f770a6f3faca \n2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.5mdv2007.0.x86_64.rpm \nc015287479e38ccf22e271b3e97cc3ac \n2007.0/SRPMS/mplayer-1.0-1.pre8.13.5mdv2007.0.src.rpm\n\nORIGINAL ADVISORY:\nhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:192\n\nOTHER REFERENCES:\nSA19418:\nhttp://secunia.com/advisories/19418/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "BID",
"id": "25648"
},
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "PACKETSTORM",
"id": "59748"
},
{
"db": "PACKETSTORM",
"id": "59739"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-28300",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4938",
"trust": 2.9
},
{
"db": "BID",
"id": "25648",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "27016",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "45940",
"trust": 1.7
},
{
"db": "SREASON",
"id": "3144",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396",
"trust": 0.8
},
{
"db": "XF",
"id": "36581",
"trust": 0.6
},
{
"db": "MANDRIVA",
"id": "MDKSA-2007:192",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20070912 CAL-20070912-1 MULTIPLE VENDOR PRODUCE HANDLING AVI FILE VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "59748",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "30578",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-28300",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "59739",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "BID",
"id": "25648"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "PACKETSTORM",
"id": "59748"
},
{
"db": "PACKETSTORM",
"id": "59739"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"id": "VAR-200709-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:22.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mplayerhq.hu/design7/news.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sgi.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.mandriva.com/security/advisories?name=mdksa-2007:192"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25648"
},
{
"trust": 1.7,
"url": "http://www.vulnhunt.com/advisories/cal-20070912-1_multiple_vendor_produce_handling_avi_file_vulnerabilities.txt"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45940"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27016"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3144"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/479222/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36581"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4938"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4938"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/36581"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/479222/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.mplayerhq.hu/"
},
{
"trust": 0.3,
"url": "http://svn.mplayerhq.hu/mplayer?diff_format=u\u0026view=rev\u0026revision=24447"
},
{
"trust": 0.3,
"url": "/archive/1/479222"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4938"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27016/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12165/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19418/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "BID",
"id": "25648"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "PACKETSTORM",
"id": "59748"
},
{
"db": "PACKETSTORM",
"id": "59739"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-28300"
},
{
"db": "BID",
"id": "25648"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"db": "PACKETSTORM",
"id": "59748"
},
{
"db": "PACKETSTORM",
"id": "59739"
},
{
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-28300"
},
{
"date": "2007-09-12T00:00:00",
"db": "BID",
"id": "25648"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"date": "2007-10-03T00:17:52",
"db": "PACKETSTORM",
"id": "59748"
},
{
"date": "2007-10-03T00:05:02",
"db": "PACKETSTORM",
"id": "59739"
},
{
"date": "2007-09-18T19:17:00",
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"date": "2007-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-28300"
},
{
"date": "2007-10-02T17:29:00",
"db": "BID",
"id": "25648"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-004396"
},
{
"date": "2018-10-15T21:38:55.550000",
"db": "NVD",
"id": "CVE-2007-4938"
},
{
"date": "2007-10-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "59748"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MPlayer AVIHeader.C Heap Based Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "25648"
},
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200709-234"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.