1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200605-01 / mplayer mplayer-bin |
| Release Date | May 01, 2006 |
| Latest Revision | June 21, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| media-video/mplayer | < 1.0.20060415 | >= 1.0.20060415, >= 1.0_pre8 | All supported architectures |
| media-video/mplayer-bin | < 1.0.20060415 | >= 1.0.20060415, >= 1.0_pre8 | All supported architectures |
Related bugreports: #127969
MPlayer contains multiple integer overflows that may lead to a heap-based buffer overflow.
MPlayer is a media player that supports many multimedia file types.
Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow.
An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060415"
All MPlayer binary users should upgrade to the latest version:
Code Listing 3.2: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-bin-1.0.20060415"