mplayer -- multiple vulnerabilities

2004-12-10T00:00:00
ID 85D76F02-5380-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-12T00:00:00

Description

iDEFENSE and the MPlayer Team have found multiple vulnerabilities in MPlayer:

Potential heap overflow in Real RTSP streaming code Potential stack overflow in MMST streaming code Multiple buffer overflows in BMP demuxer Potential heap overflow in pnm streaming code Potential buffer overflow in mp3lib

These vulnerabilities could allow a remote attacker to execute arbitrary code as the user running MPlayer. The problem in the pnm streaming code also affects xine.