Opened 8 days ago
Closed 16 hours ago
#2426 closed defect (fixed)
Security Vulnerability Report for Mplayer v1.5
| Reported by: | RedTeamTIM | Owned by: | beastd |
|---|---|---|---|
| Priority: | high | Component: | undetermined |
| Version: | HEAD | Severity: | major |
| Keywords: | CWE-690, MPlayer | Cc: | RedTeamTIM |
| Blocked By: | Blocking: | ||
| Reproduced by developer: | yes | Analyzed by developer: | yes |
Description
To Whom It May Concern,
we are writing to inform you that during our analysis we found some vulnerabilities which affects the Mplayer product.
Vulnerability details:
Product Line: Mplayer
Vulnerable Version: 1.5
CWE-690: Unchecked Return Value to NULL Pointer Dereference
A detailed report is attached.
Credits and Research Team Info:
(1) First Name: Massimiliano - Last Name: Ferraresi
(2) First Name: Massimiliano - Last Name: Brolli
Research Firm: TIM Security Red Team Research
Organization Name: TIM S.p.A
Disclosure Policy
We strongly believe that a coordinated disclosure is the best approach to properly and efficiently address the risk related to security vulnerabilities (i.e. Coordinated Vulnerability Disclosure – CVD).
If everything goes as intended, after your confirmations and, eventually, the CVE ID publication, we will proceed with a full disclosure on our Web page. If you do not agree with a full disclosure for the vulnerabilities, please let us know by responding to this communication. In this case we will just publish the CVE details.
However, if no response is provided or you do not intend to take any action to assess the security issue, we will proceed as follows:
After the first communication with no response within a week, it is resent. If no response is provided at all, we will proceed with a disclosure of the vulnerability on our public Web Site after 90 days.
After the acknowledgement of the security issues, if no status updates are provided within the next month, we will send you a final communication warning that the vulnerability information will be published after 90 days.
As a security research team, we will be glad to support you in the evaluation and remediation processes.
Best regards
TIM Security Red Team Research
Attachments (2)
Change History (5)
by , 8 days ago
| Attachment: | Disclosure_report_MPlayer.pdf added |
|---|
comment:1 by , 3 days ago
| Status: | new → open |
|---|
Vulnerability is confirmed and can be fixed with:
--- a/asxparser.c
+++ b/asxparser.c
@@ -118,6 +118,7 @@
}
}
attrib = malloc(ptr2-ptr1+2);
+ if(!attrib) return -1;
strncpy(attrib,ptr1,ptr2-ptr1+1);
attrib[ptr2-ptr1+1] = '\0';
Is there a CVE ID or do we need one to mention it in our commit?
comment:2 by , 17 hours ago
Hi,
Is there a CVE ID or do we need one to mention it in our commit?
it looks like for this kind of issues there is not going to be a CVE, see
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083029
Disclosure Report