View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005255 | MMW v4 | Other | public | 2009-01-27 18:59 | 2009-05-14 00:29 |
| Reporter | rusty | Assigned To | |||
| Priority | immediate | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Product Version | 3.0 | ||||
| Target Version | 3.1 | Fixed in Version | 3.1 | ||
| Summary | 0005255: m3u handling buffer overflow error | ||||
| Description | There's been a report of a buffer overflow error in MM 3.0.6 wrt M3U handling: http://www.securityfocus.com/bid/33420 We need to assess whether a problem exists and if so, decide whether to release 3.0.8 or include in 3.1. | ||||
| Tags | No tags attached. | ||||
| Fixed in build | 1220 | ||||
|
|
Fixed in 1220 |
|
|
A note about severity of the issue: We made a detailed analysis and although that malicious M3U can cause MediaMonkey to crash, it doesn't seem to be possible to cause execution of some arbitrary code. So, this isn't a high risk issue and we don't need to create 3.0.8 because of it. |
|
|
Tested in 1244 By D&D affected M3U to Now playing and initiate play of AAAAAAAAAAAAAAAAAAA track crash MediaMonkey |
|
|
Tried with latest developer version and working fine. Retest that in next build. |
|
|
Verified 1245 |
