Bug#591525: mplayer: Segfault due to missing input sanitation on playlist files
Josef Spillner
2005 at kuarepoti-dju.net
Tue Aug 3 18:31:29 UTC 2010
Package: mplayer
Version: 2:1.0~rc3+svn20100502-3+b1
Severity: normal
Tags: upstream
It is easily possible to crash mplayer through specially-crafted playlist files.
Instead of crashing, the application should return with a proper exit code.
$ cat _cassé.pls
[playlist]
numberofentries=0
Version=2
$ mplayer -playlist _cassé.pls
Unknown entry type Version=2
Speicherzugriffsfehler
# where Speicherzugriffsfehler means segfault
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mplayer depends on:
ii libaa1 1.4p5-38 ascii art library
ii libasound2 1.0.23-1 shared library for ALSA applicatio
ii libaudio2 1.9.2-3 Network Audio System - shared libr
ii libavcodec52 4:0.5.2-1 ffmpeg codec library
ii libavformat52 4:0.5.2-1 ffmpeg file format library
ii libavutil49 4:0.5.2-1 ffmpeg utility library
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libcaca0 0.99.beta17-1 colour ASCII art library
ii libcdparanoia0 3.10.2+debian-9 audio extraction tool for sampling
ii libdirectfb-1.2-9 1.2.10.0-4 direct frame buffer graphics - sha
ii libdvdread4 4.1.3-10 library for reading DVDs
ii libenca0 1.13-3 Extremely Naive Charset Analyser -
ii libesd0 0.2.41-7 Enlightened Sound Daemon - Shared
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.0-2 FreeType 2 font engine, shared lib
ii libfribidi0 0.19.2-1 Free Implementation of the Unicode
ii libgcc1 1:4.4.4-7 GCC support library
ii libgif4 4.1.6-9 library for GIF images (library)
ii libgl1-mesa-glx [libgl 7.7.1-4 A free implementation of the OpenG
ii libjack0 [libjack-0.11 1:0.118+svn3796-7 JACK Audio Connection Kit (librari
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii liblircclient0 0.8.3-5 infra-red remote control support -
ii liblzo2-2 2.03-2 data compression library
ii libncurses5 5.7+20100313-2 shared libraries for terminal hand
ii libogg0 1.2.0~dfsg-1 Ogg bitstream library
ii libopenal1 1:1.12.854-2 Software implementation of the Ope
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libpostproc51 4:0.5.2-1 ffmpeg video postprocessing librar
ii libpulse0 0.9.21-3+b1 PulseAudio client libraries
ii libsdl1.2debian 1.2.14-6 Simple DirectMedia Layer
ii libsmbclient 2:3.4.8~dfsg-2 shared library for communication w
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libstdc++6 4.4.4-7 The GNU Standard C++ Library v3
ii libsvga1 1:1.4.3-29 console SVGA display libraries
ii libswscale0 4:0.5.2-1 ffmpeg video scaling library
ii libtheora0 1.1.1+dfsg.1-3 The Theora Video Compression Codec
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.1-3 X11 Xinerama extension library
ii libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii libxv1 2:1.0.5-1 X11 Video extension library
ii libxvmc1 2:1.0.5-1 X11 Video extension library
ii libxxf86dga1 2:1.1.1-2 X11 Direct Graphics Access extensi
ii libxxf86vm1 1:1.1.0-2 X11 XFree86 video mode extension l
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
mplayer recommends no packages.
Versions of packages mplayer suggests:
ii bzip2 1.0.5-4 high-quality block-sorting file co
ii fontconfig 2.8.0-2.1 generic font configuration library
pn mplayer-doc <none> (no description available)
pn netselect | fping <none> (no description available)
ii ttf-freefont 20090104-7 Freefont Serif, Sans and Mono True
-- no debconf information
More information about the pkg-multimedia-maintainers
mailing list