MPlayer: Heap-based buffer overflow
1. Gentoo Linux Security Advisory
Version Information
| Advisory Reference | GLSA 200605-01 / mplayer mplayer-bin |
| Release Date | May 01, 2006 |
| Latest Revision | June 21, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-video/mplayer | < 1.0.20060415 | >= 1.0.20060415, >= 1.0_pre8 | All supported architectures |
| media-video/mplayer-bin | < 1.0.20060415 | >= 1.0.20060415, >= 1.0_pre8 | All supported architectures |
Related bugreports: #127969
Synopsis
MPlayer contains multiple integer overflows that may lead to a heap-based
buffer overflow.
2. Impact Information
Background
MPlayer is a media player that supports many multimedia file types.
Description
Xfocus Team discovered multiple integer overflows that may lead to a
heap-based buffer overflow.
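The bug class named above, as an added illustration that is not MPlayer's code and not part of the advisory: a size computed from two file-supplied 32-bit fields wraps, so the buffer allocated is smaller than the data the header describes. The struct, its field names and the size cap are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed header; hypothetical field names, not MPlayer's structures. */
struct index_hdr {
    uint32_t entry_count;  /* read from the file, untrusted */
    uint32_t entry_size;   /* read from the file, untrusted */
};

/* Unchecked pattern: the 32-bit product wraps modulo 2^32. */
uint32_t unchecked_alloc_size(const struct index_hdr *h)
{
    return h->entry_count * h->entry_size;
}

/* Checked pattern: 0 and *out set on success, -1 to reject the file. */
int checked_alloc_size(const struct index_hdr *h, size_t cap, size_t *out)
{
    uint64_t total = (uint64_t)h->entry_count * h->entry_size;
    if (total == 0 || total > cap || total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only when the size is sane; NULL means the file is rejected. */
void *alloc_index(const struct index_hdr *h, size_t cap)
{
    size_t n;
    return checked_alloc_size(h, cap, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    struct index_hdr bad = { 0x10000001u, 16u };  /* constructed input */
    size_t n = 0;
    printf("wrapped size: %u\n", (unsigned)unchecked_alloc_size(&bad));
    printf("checked: %d\n", checked_alloc_size(&bad, 1u << 20, &n));
    return 0;
}
```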
Impact
An attacker could entice a user to play a specially crafted multimedia
file, potentially resulting in the execution of arbitrary code with the
privileges of the user running the application.
3. Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All MPlayer users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415"
All MPlayer binary users should upgrade to the latest version:
Code Listing 3.2: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415"