Joined: 12 May 2004
|Posted: Sat Mar 04, 2006 7:26 pm Post subject: [ GLSA 200603-03 ] MPlayer: Multiple integer overflows
|Gentoo Linux Security Advisory
Title: MPlayer: Multiple integer overflows (GLSA 200603-03)
Date: March 04, 2006
Updated: June 21, 2006
Bug(s): #115760, #122029
MPlayer is vulnerable to integer overflows in FFmpeg and ASF decoding that
could potentially result in the execution of arbitrary code.
MPlayer is a media player capable of handling multiple multimedia file
Vulnerable: < 1.0.20060217
Unaffected: >= 1.0.20060217
Unaffected: >= 1.0_pre8
Architectures: All supported architectures
MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
overflow in the avcodec_default_get_buffer() function discovered by
Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
Research discovered two integer overflows in ASF file format decoding,
in the new_demux_packet() function from libmpdemux/demuxer.h and the
demux_asf_read_packet() function from libmpdemux/demux_asf.c.
An attacker could craft a malicious media file which, when opened using
MPlayer, would lead to a heap-based buffer overflow. This could result
in the execution of arbitrary code with the permissions of the user
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0.20060217"
Last edited by GLSA on Mon Jun 10, 2013 4:22 am; edited 5 times in total