Gentoo Logo

MPlayer: Heap-based buffer overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200605-01 / mplayer mplayer-bin
Release Date May 01, 2006
Latest Revision June 21, 2006: 02
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
media-video/mplayer < 1.0.20060415 >= 1.0.20060415, >= 1.0_pre8 All supported architectures
media-video/mplayer-bin < 1.0.20060415 >= 1.0.20060415, >= 1.0_pre8 All supported architectures

Related bugreports: #127969

Synopsis

MPlayer contains multiple integer overflows that may lead to a heap-based buffer overflow.

2.  Impact Information

Background

MPlayer is a media player that supports many multimedia file types.

Description

Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow.

Impact

An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415"

All MPlayer binary users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415"

4.  References



Print

Page updated May 01, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.