MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities are reported to exist in the xine and MPlayer utilities. The following issues are reported:

Several buffer overflow vulnerabilities are reported to exist in the 'pnm_get_chunk()' function.

Reports indicate that the vulnerabilities present themselves in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 'pnm_get_chunk()'.

A remote attacker may be able to leverage this memory corruption to execute arbitrary code in the context of a user who connects to a malicious PNM server with the vulnerable utility.

An additional buffer overflow vulnerability is reported to exist in the PNA_TAG handling code of the 'pnm_get_chunk()' function.

It is reported that supplied PNA_TAG data is copied into a finite buffer without sufficient boundary checks, which results in memory corruption. A remote attacker may be able to leverage this memory corruption to execute arbitrary code in the context of a user who connects to a malicious PNM server with the vulnerable utility.
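The missing boundary check described above, shown as a bounded chunk copy. This is an added example, not code from xine or MPlayer; the 8-byte header layout (4-byte tag, 4-byte big-endian size that includes the header), the 32-byte buffer, the "TEST" tag and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 4-byte tag, then 4-byte big-endian size that counts the header. */
#define CHUNK_HDR_LEN 8u
#define OUT_CAP 32u /* constructed size of the "finite buffer" */

enum { CHUNK_OK = 0, CHUNK_TRUNCATED = -1, CHUNK_BAD_SIZE = -2, CHUNK_TOO_BIG = -3 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Copy one whole chunk from in[0..in_len) to out[0..out_cap), or refuse. */
int read_chunk_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_cap, size_t *copied)
{
    if (in_len < CHUNK_HDR_LEN) return CHUNK_TRUNCATED;
    uint32_t size = be32(in + 4);                      /* peer-controlled */
    if (size < CHUNK_HDR_LEN) return CHUNK_BAD_SIZE;   /* size - 8 would wrap */
    if (size > out_cap) return CHUNK_TOO_BIG;          /* destination bound */
    if (size > in_len) return CHUNK_TRUNCATED;         /* source bound */
    memcpy(out, in, size);
    *copied = size;
    return CHUNK_OK;
}

/* Build a constructed chunk declaring `declared` bytes and parse it. */
int demo_status(uint32_t declared, size_t in_len)
{
    uint8_t in[64] = { 'T', 'E', 'S', 'T' }, out[OUT_CAP];
    size_t copied = 0;
    in[4] = (uint8_t)(declared >> 24); in[5] = (uint8_t)(declared >> 16);
    in[6] = (uint8_t)(declared >> 8);  in[7] = (uint8_t)declared;
    if (in_len > sizeof in) in_len = sizeof in;
    return read_chunk_checked(in, in_len, out, sizeof out, &copied);
}

int main(void)
{
    printf("16 -> %d, 4 -> %d, 4096 -> %d\n",
           demo_status(16, 64), demo_status(4, 64), demo_status(4096, 64));
    return 0;
}
```

The size field is validated against the destination capacity before any copy, so a server-declared length can never exceed the buffer regardless of which tag is being handled.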


 

Copyright 2010, SecurityFocus