Vulnerability Reported: a Patch for MPlayer
Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.
The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
Issue 172/2015
Buy this issue as a PDF
News
-
Old Vulnerabilities Are Kept Alive Through Bad Configuration
HP's annual Cyber Risk report offers a bleak look at the state of IT.
-
Linus Torvalds Announces Linux 4.0
But what do the big numbers really mean?
-
Microsoft Frees CoreCLR
.NET Core execution engine is the basis for cross-platform .NET implementations.
-
New Trojan Attacks Linux Servers
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
-
Cisco Releases Annual Security Report
Spammers go low-volume, and 90% of IE browsers are unpatched.
-
Zero Day Exploits Target Flash
Adobe scrambles to release patches for vulnerable Flash Player.
-
Intel Unveils Compute Stick
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
-
Obama Proposes Personal Data Notification Law
New statute would require companies to report break-ins to consumers.
-
TGXf Project Warns of File Transfer through Screen Pixels
Weird data transfer technique avoids all standard security measures.
-
Industry Giants Announce a Fix for the Password Mess
FIDO alliance declares the beginning of the end for old-style login authentication.