Gentoo Linux Security Advisory GLSA 200901-07:02 - Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Versions less than 1.0_rc2_p28058-r1 are affected.
a0d17e5282ee3f678c9d2f0857185c3ffd590e9cd23b30ec57e917b7dd662cb4Mandriva Linux Security Advisory - A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file. The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
066d0295c5e7993cf9dc8e543353f75479252803b2356b941a661066f30a1f4fDebian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
0b14a7c5b18a785119de3447fb6fe29091f332d5abf5c2cba8a5d7322d7cd885The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory. Versions 1.0 RC2 and below are affected.
f47bbc552774c9b5545581209953d5f8219b79416c8f70eb63e89a8fd31e6423
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed