blob: db4e981913354199e0ce3fca9e1bc3270feb46e2 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200504-19">
<title>MPlayer: Two heap overflow vulnerabilities</title>
Two vulnerabilities have been found in MPlayer which could lead to the
remote execution of arbitrary code.
<product type="ebuild">MPlayer</product>
<announced>April 20, 2005</announced>
<revised>May 22, 2006: 02</revised>
<package name="media-video/mplayer" auto="yes" arch="*">
<unaffected range="ge">1.0_pre6-r4</unaffected>
<vulnerable range="lt">1.0_pre6-r4</vulnerable>
MPlayer is a media player capable of handling multiple multimedia file
Heap overflows have been found in the code handling RealMedia RTSP and
Microsoft Media Services streams over TCP (MMST).
<impact type="normal">
By setting up a malicious server and enticing a user to use its
streaming data, a remote attacker could possibly execute arbitrary code
on the client computer with the permissions of the user running
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/mplayer-1.0_pre6-r4&quot;</code>
<uri link="">MPlayer News: Real RTSP heap overflow</uri>
<uri link="">MPlayer News: MMST heap overflow</uri>
<uri link="">CVE-2005-1195</uri>
<metadata tag="requester" timestamp="Sat, 16 Apr 2005 16:59:51 +0000">
<metadata tag="submitter" timestamp="Mon, 18 Apr 2005 09:17:55 +0000">
<metadata tag="bugReady" timestamp="Tue, 19 Apr 2005 07:28:03 +0000">