7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.4%
MPlayer is a media player capable of handling multiple multimedia file formats.
Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running MPlayer.
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre6-r4"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | media-video/mplayer | < 1.0_pre6-r4 | UNKNOWN |