SB2023051403 - Multiple vulnerabilities in MPlayer
Published: May 14, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2022-38862)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing files within the play() function in libaf/af.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Division by zero (CVE-ID: CVE-2022-38850)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the config() function in llibmpcodecs/vf_scale.c. A remote attacker can trick the victim to open a specially crafted file, trigger a divide by zero error and crash the application.
3) Memory leak (CVE-ID: CVE-2022-38600)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within vf.c and vf_vo.c files. A remote attacker can force the application to leak memory and perform denial of service attack.
4) Out-of-bounds read (CVE-ID: CVE-2022-38851)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the read_meta_record() function in mplayer/libmpdemux/asfheader.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds write (CVE-ID: CVE-2022-38856)
The vulnerability allows a remote attacker to crash the application
The vulnerability exists due to a boundary error within the mov_build_index() function in libmpdemux/demux_mov.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
6) Out-of-bounds write (CVE-ID: CVE-2022-38864)
The vulnerability allows a remote attacker to crash the application
7) Division by zero (CVE-ID: CVE-2022-38865)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the demux_avi_read_packet() function in libmpdemux/demux_avi.c. A remote attacker can trick the victim to open a specially crafted file, trigger a divide by zero error and crash the application.8) Out-of-bounds write (CVE-ID: CVE-2022-38861)
The vulnerability allows a remote attacker to crash the application
9) Use-after-free (CVE-ID: CVE-2022-32317)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the preinit() function in libvo/vo_v4l2.c. A remote
attacker can create a specially crafted file, trick the victim into
opening it, trigger a use-after-free error and crash the application.
10) Out-of-bounds write (CVE-ID: CVE-2022-38855)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the gen_sh_video() function in mplayer/libmpdemux/demux_mov.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.
11) Division by zero (CVE-ID: CVE-2022-38860)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the function demux_open_avi() function in libmpdemux/demux_avi.c. A remote attacker can trick the victim to open a specially crafted file, trigger a divide by zero error and crash the application.12) Out-of-bounds write (CVE-ID: CVE-2022-38858)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
13) Out-of-bounds write (CVE-ID: CVE-2022-38853)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
14) Out-of-bounds write (CVE-ID: CVE-2022-38866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
15) Out-of-bounds write (CVE-ID: CVE-2022-38863)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://trac.mplayerhq.hu/ticket/2404
- https://trac.mplayerhq.hu/ticket/2399
- https://lists.debian.org/debian-lts-announce/2022/12/msg00042.html
- https://trac.mplayerhq.hu/ticket/2390#comment:2
- https://trac.mplayerhq.hu/ticket/2393
- https://trac.mplayerhq.hu/ticket/2395
- https://trac.mplayerhq.hu/ticket/2406
- https://trac.mplayerhq.hu/ticket/2401
- https://trac.mplayerhq.hu/ticket/2407
- https://transfer.sh/m2WcuM/poc_dup.zip
- https://bugs.gentoo.org/show_bug.cgi?id=858107
- https://github.com/b17fr13nds/MPlayer_cve_poc
- https://trac.mplayerhq.hu/ticket/2392
- https://trac.mplayerhq.hu/ticket/2402
- https://trac.mplayerhq.hu/ticket/2396
- https://trac.mplayerhq.hu/ticket/2398
- https://trac.mplayerhq.hu/ticket/2403#comment:2
- https://trac.mplayerhq.hu/ticket/2405