Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-38600: #2390 (memory leak in vf.c and vf_vo.c) – MPlayer

Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.

CVE
#windows#ubuntu#linux#c++#auth#ibm

#2390 closed defect (fixed)

Reported by:

Owned by:

beastd

Priority:

normal

Component:

vf

Version:

unspecified

Severity:

normal

Keywords:

Cc:

Blocked By:

Blocking:

Reproduced by developer:

no

Analyzed by developer:

no

Summary of the bug: Found a .viv file for mplayer where asan reports a memory leak.
How to reproduce:Use the attached file to reproduce this issue (ASAN-recompilation are required)
version: SVN-r38374-13.0.1
kernel version:ubuntu 20.04; Linux 5.15.0-46-generic
complier version:clang 13.0.1-2ubuntu2~20.04.1

mplayer and ASAN output:

Player SVN-r38374-13.0.1 © 2000-2022 MPlayer Team

Playing /home/ldy/sample/useful/03-KimagureOrangeRoad.viv.
libavformat version 58.29.100 (external)
VIVO file format detected.
VIDEO: [viv2] 320x240 24bpp 10.000 fps 0.0 kbps ( 0.0 kbyte/s)
[gl] using extended formats. Use -vo gl:nomanyfmts if playback fails.
==========================================================================
Requested video codec family [vivo] (vfm=vfw) not available.
Enable it at compilation.
Cannot find codec matching selected -vo and video format 0x32766976.
==========================================================================
Clip info:

title: <No Title>
author: NV
copyright: <No Copyright>
encoder: VivoActive VideoNow 3.0 for Windows

Load subtitles in /home/ldy/sample/useful/
==========================================================================
Requested audio codec family [vivoaudio] (afm=acm) not available.
Enable it at compilation.
Opening audio decoder: [ffmpeg] FFmpeg/libavcodec audio decoders
libavcodec version 58.54.100 (external)
Cannot find codec ‘siren’ in libavcodec…
ADecoder init failed :(
ADecoder init failed :(
Cannot find codec for audio format 0x112.
Audio: no sound
Video: no video

Exiting… (End of file)

=================================================================
==3993864==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 576 byte(s) in 1 object(s) allocated from:

#0 0x55ac7b1e06dd in malloc (/home/ldy/good_mplayer/asan_playr/mplayer+0x33e6dd)
#1 0x55ac7b42992e in vf_open_plugin /home/ldy/good_mplayer/mplayer/libmpcodecs/vf.c:478:8

Indirect leak of 24 byte(s) in 1 object(s) allocated from:

#0 0x55ac7b1e0872 in interceptor_calloc (/home/ldy/good_mplayer/asan_playr/mplayer+0x33e872)
#1 0x55ac7b50a2cd in vf_open /home/ldy/good_mplayer/mplayer/libmpcodecs/vf_vo.c:215:14

SUMMARY: AddressSanitizer: 600 byte(s) leaked in 2 allocation(s).

Related news

Gentoo Linux Security Advisory 202405-05

Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907