Gentoo Logo

MPlayer: Multiple overflows


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200412-21 / MPlayer
Release Date December 20, 2004
Latest Revision December 20, 2004: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-video/mplayer <= 1.0_pre5-r4 >= 1.0_pre5-r5 All supported architectures

Related bugreports: #74473


Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote executing of arbitrary code.

2.  Impact Information


MPlayer is a media player capable of handling multiple multimedia file formats.


iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code and multiple buffer overflows in BMP demuxer and mp3lib code.


A remote attacker could craft a malicious file or design a malicious streaming server. Using MPlayer to view this file or connect to this server could trigger an overflow and execute attacker-controlled code.

3.  Resolution Information


There is no known workaround at this time.


All MPlayer users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"

4.  References


Page updated December 20, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.