Gentoo Logo

MPlayer: Multiple overflows

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200412-21 / MPlayer
Release Date December 20, 2004
Latest Revision December 20, 2004: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-video/mplayer <= 1.0_pre5-r4 >= 1.0_pre5-r5 All supported architectures

Related bugreports: #74473

Synopsis

Multiple overflow vulnerabilities have been found in MPlayer, potentially resulting in remote executing of arbitrary code.

2.  Impact Information

Background

MPlayer is a media player capable of handling multiple multimedia file formats.

Description

iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code and multiple buffer overflows in BMP demuxer and mp3lib code.

Impact

A remote attacker could craft a malicious file or design a malicious streaming server. Using MPlayer to view this file or connect to this server could trigger an overflow and execute attacker-controlled code.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre5-r5"

4.  References



Print

Page updated December 20, 2004

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.