When demux_open_avi() is called from mencoder, it will cause an access violation if an invalid file is passed. This can be exploited by opening a specially crafted avi file in a media player, causing it to crash and potentially execute arbitrary code with the media player user privileges. This can be done by emailing the user a specially crafted avi file or by hosting the media player on a website accessible by the user. This issue has been verified to affect Ubuntu 12.04, Ubuntu 14.04, Debian 7 and Gentoo Linux. Ubuntu 12.04 32-bit, Ubuntu 14.04 32-bit and Debian 7 32-bit are highly discouraged for use due to this vulnerability. This issue has also been verified to affect mplayer on Windows XP/7/8/10 and mencoder on Windows XP/7/8/10. Stewie has verified mplayer on Windows XP/7/8/10. On Debian 7 and Ubuntu 14.04, it is recommended to upgrade to a newer version of these distributions as soon as possible due to the severity of this vulnerability. The mplayer and mencoder packages on Debian 7 and Ubuntu 14.04 have been fixed in their respective updates. Users of these distributions are encouraged to upgrade their systems and upgrade their mplayer and mencoder packages as soon as possible. This issue has also been verified to affect mplayer on Mac OS X 10.7 and 10.8 and menc
Ubuntu 12.04 LTS
, Ubuntu 14.04 LTS, Debian 7, Gentoo Linux
When demux_open_avi() is called from mencoder, it will cause an access violation if an invalid file is passed. This can be exploited by opening a specially crafted avi file in a media player, causing it to crash and potentially execute arbitrary code with the media player user privileges. This can be done by emailing the user a specially crafted avi file or by hosting the media player on a website accessible by the user.
Vulnerability Introduction
When demux_open_avi() is called from mencoder, it will cause an access violation if an invalid file is passed. This can be exploited by opening a specially crafted avi file in a media player, causing it to crash and potentially execute arbitrary code with the media player user privileges. This can be done by emailing the user a specially crafted avi file or by hosting the media player on a website accessible by the user. This issue has been verified to affect Ubuntu 12.04, Ubuntu 14.04, Debian 7 and Gentoo Linux. Ubuntu 12.04 32-bit, Ubuntu 14.04 32-bit and Debian 7 32-bit are highly discouraged for use due to this vulnerability. This issue has also been verified to affect mplayer on Windows XP/7/8/10 and mencoder on Windows XP/7/8/10. Stewie has verified mplayer on Windows XP/7/8/10. On Debian 7 and Ubuntu 14.04, it is recommended to upgrade to a newer version of these distributions as soon as possible due to the severity of this vulnerability. The mplayer and mencoder packages on Debian 7 and Ubuntu 14.04 have been fixed in their respective updates."
The importance of digital marketing: 6 reasons why digital marketing is important
Timeline
Published on: 09/15/2022 15:15:00 UTC
Last modified on: 09/19/2022 18:05:00 UTC