A buffer overflow was found and reported by Adam Bozanich of Musecurity in the code used to extract album titles from cbbd server answers.As usual, they response quickly by providing a patch and it has been commited to the SVN Server.
When parsing answers from the cddb server, the album title is copied into a fixed-size buffer with insufficient checks on its size, and may cause a buffer overflow. A malicious database entry could trigger a buffer overflow in the program, that can lead to arbitrary code execution with the UID of the user running MPlayer.
Packagers... go grab the patch and build the package
No comments:
Post a Comment