Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200412-21
HistoryDec 20, 2004 - 12:00 a.m.

MPlayer: Multiple overflows

2004-12-2000:00:00
Gentoo Foundation
security.gentoo.org
5
JSON

Background

MPlayer is a media player capable of handling multiple multimedia file formats.

Description

iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code and multiple buffer overflows in BMP demuxer and mp3lib code.

Impact

A remote attacker could craft a malicious file or design a malicious streaming server. Using MPlayer to view this file or connect to this server could trigger an overflow and execute attacker-controlled code.

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"
OSVersionArchitecturePackageVersionFilename
Gentooanyallmedia-video/mplayer<= 1.0_pre5-r4UNKNOWN
JSON