MPlayer 1.0 - AVIHeader.C Heap Buffer Overflow

Author: Code Audit Labs
type: dos
platform: linux
port: 
date_added: 2007-09-12 
date_updated: 2016-11-24 
verified: 1 
codes: CVE-2007-4938;OSVDB-45940 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comMPlayer-1.0rc1.tar.bz2

source: https://www.securityfocus.com/bid/25648/info

MPlayer is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input data.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed attacks will result in denial-of-service conditions.

MPlayer 1.0rc1 is vulnerable; other versions may also be affected.

NOTE: The vendor states that this issue is present only on operating systems with a 'calloc' implementation that is prone to an integer-overflow issue.

The following proof-of-concept AVI header data is available:
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10

indx truck size 0xffffff00
wLongsPerEntry 0x0001
BIndexSubType is 0x64
bIndexType is 0x73
nEntriesInuse is 0x10000020