CVE-2007-1246

Publication date 3 March 2007

Last updated 17 July 2025

Ubuntu priority

Description

The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mplayer	7.10 gutsy	Not affected
	7.04 feisty	Fixed 2:1.0~rc1-0ubuntu4
	6.10 edgy	Fixed 2:0.99+1.0pre8-0ubuntu8.2
	6.06 LTS dapper	Fixed 2:0.99+1.0pre7try2+cvs20060117-0ubuntu8.1
xine-lib	7.10 gutsy	Fixed 1.1.4-2ubuntu3
	7.04 feisty	Fixed 1.1.4-2ubuntu3
	6.10 edgy	Fixed 1.1.2+repacked1-0ubuntu3.4
	6.06 LTS dapper	Fixed 1.1.1+ubuntu2-7.7

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-433-1
Xine vulnerability
9 March 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1246