9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Felipe Andres Manzano discovered that mplayer, a multimedia player, is
vulnerable to several integer overflows in the Real video stream
demuxing code. These flaws could allow an attacker to cause a denial
of service (a crash) or potentially execution of arbitrary code by
supplying a maliciously crafted video file.
For the stable distribution (etch), these problems have been fixed in
version 1.0~rc1-12etch5.
For the unstable distribution (sid), these problems have been fixed in
version 1.0~rc2-18.
We recommend that you upgrade your mplayer packages.
CPE | Name | Operator | Version |
---|---|---|---|
mplayer | eq | 1.0~rc1-12etch | |
mplayer | eq | 1.0~rc1-12etch3 | |
mplayer | eq | 1.0~rc1-12etch1 | |
mplayer | eq | 1.0~rc1-12etch2 |