
MPlayer: Buffer overflow

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200702-11 / MPlayer
Release Date: February 27, 2007
Latest Revision: February 27, 2007: 01
Impact: normal
Exploitable: remote

Package: media-video/mplayer
Vulnerable versions: < 1.0_rc1-r2
Unaffected versions: >= 1.0_rc1-r2
Architecture(s): All supported architectures

Related bugreports: #159727

Synopsis

A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution.

2.  Impact Information

Background

MPlayer is a media player capable of playing multiple media formats.

Description

When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks, which may allow a buffer overflow.
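
The unchecked pattern described above next to a bounded version, as an added example that is not MPlayer's asmrp.c code. The `struct rule` type, the function names and the bandwidth-range matching are hypothetical stand-ins for rule evaluation, and the sample rules are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for one parsed rule: it matches when the
   client bandwidth lies in [min_bw, max_bw]. Not MPlayer's type. */
struct rule { long min_bw, max_bw; };

static int rule_matches(const struct rule *r, long bw) {
    return bw >= r->min_bw && bw <= r->max_bw;
}

/* Unchecked pattern: the number of writes follows the rule count sent
   by the server, not the size of out[]. Shown for contrast only. */
int collect_matches_unchecked(const struct rule *rules, size_t n,
                              long bw, int *out) {
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (rule_matches(&rules[i], bw))
            out[count++] = (int)i;      /* no bound on count */
    out[count] = -1;                    /* terminator, also unbounded */
    return count;
}

/* Bounded form: the caller passes the capacity of out[], one slot is
   kept for the -1 terminator, and overflow is reported as -1 so the
   caller can reject the stream instead of using a truncated list. */
int collect_matches_checked(const struct rule *rules, size_t n,
                            long bw, int *out, size_t cap) {
    size_t count = 0;
    if (out == NULL || cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (!rule_matches(&rules[i], bw)) continue;
        if (count + 1 >= cap) {         /* only the terminator slot left */
            out[count] = -1;
            return -1;
        }
        out[count++] = (int)i;
    }
    out[count] = -1;
    return (int)count;
}

int main(void) {
    struct rule many[40];               /* constructed: 40 matching rules */
    int out[16];
    for (size_t i = 0; i < 40; i++) { many[i].min_bw = 0; many[i].max_bw = 1000; }
    printf("%d\n", collect_matches_checked(many, 40, 80, out, 16));
    return 0;
}
```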

Impact

An attacker can entice a user to connect to a manipulated RTSP server resulting in a Denial of Service and possibly execution of arbitrary code.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc1-r2"

4.  References




Page updated February 27, 2007

Summary: This is a Gentoo Linux Security Advisory
