mplayer -- buffer overflows

2008-02-12T00:00:00
ID DSA-1496
Type debian
Reporter Debian
Modified 2008-02-12T00:00:00

Description

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files.

Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing.

Adam Bozanich discovered a buffer overflow in the CDDB access code.

Adam Bozanich discovered a buffer overflow in URL parsing.

The old stable distribution (sarge) doesn't contain mplayer.

For the stable distribution (etch), these problems have been fixed in version 1.0~rc1-12etch2.

We recommend that you upgrade your mplayer packages.