MPlayer: Two heap overflow vulnerabilities
Gentoo Linux Security Advisory
||GLSA 200504-19 / MPlayer
||April 20, 2005
||May 22, 2006: 02
All supported architectures
Two vulnerabilities have been found in MPlayer which could lead to the
remote execution of arbitrary code.
MPlayer is a media player capable of handling multiple multimedia file
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its
streaming data, a remote attacker could possibly execute arbitrary code
on the client computer with the permissions of the user running
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_pre6-r4"