CVE-2007-1246

Name	CVE-2007-1246
Description	The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1536-1
Debian Bugs	414072, 414075

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
mplayer (PTS)	bullseye	2:1.4+ds1-1+deb11u1	fixed
	bookworm	2:1.5+svn38408-1	fixed
	trixie, sid	2:1.5+svn38674-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
mplayer	source	etch	1.0~rc1-12etch
mplayer	source	(unstable)	1.0~rc1-13	medium		414075
xine-lib	source	sarge	1.0.1-1sarge7		DSA-1536-1
xine-lib	source	etch	1.1.2+dfsg-6		DSA-1536-1
xine-lib	source	(unstable)	1.1.2+dfsg-3	medium		414072

[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
vlc checked, and is not affected.