mplayer -- Multiple integer overflows

ID C7526A14-C4DC-11DA-9699-00123FFE8333
Type freebsd
Reporter FreeBSD
Modified 2006-03-29T00:00:00


Secunia reports:

The vulnerabilities are caused due to integer overflow errors in "libmpdemux/asfheader.c" within the handling of an ASF file, and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in an AVI file. This can be exploited to cause heap-based buffer overflows via a malicious ASF file, or via a AVI file with specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in the "indx" chunk.