blob: ecabb22694118fc5d98573944dc76f1312b7a313 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200805-22">
<title>MPlayer: User-assisted execution of arbitrary code</title>
An integer overflow vulnerability in MPlayer may allow for the execution of
arbitrary code.
<product type="ebuild">mplayer</product>
<announced>May 29, 2008</announced>
<revised>May 29, 2008: 01</revised>
<package name="media-video/mplayer" auto="yes" arch="*">
<unaffected range="ge">1.0_rc2_p26753</unaffected>
<vulnerable range="lt">1.0_rc2_p26753</vulnerable>
MPlayer is a media player including support for a wide range of audio
and video formats.
k`sOSe reported an integer overflow vulnerability in the
sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which
can be exploited to overwrite arbitrary memory regions via an overly
large "StreamCount" SDP parameter.
<impact type="normal">
A remote attacker could entice a user to open a specially crafted media
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running MPlayer.
There is no known workaround at this time.
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-video/mplayer-1.0_rc2_p26753&quot;</code>
<uri link="">CVE-2008-1558</uri>
<metadata tag="requester" timestamp="Thu, 22 May 2008 17:37:55 +0000">
<metadata tag="submitter" timestamp="Tue, 27 May 2008 21:32:21 +0000">
<metadata tag="bugReady" timestamp="Wed, 28 May 2008 13:57:42 +0000">