Vulnerability Reported: a Patch for MPlayer

Oct 02, 2008

Ulrich Bantle

Multimedia software MPlayer notifies of security holes in the Real demuxer code that can result in arbitrary code execution.

The three vulnerability spots in MPlayer that Felipe Andres Manzano discovered in the code, and reported in an oCert advisory, all lead to the same possibility: an attacker can exploit a heap overflow to create a specific video file that can compromise the code. This video can have the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution that could cause process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.

Related content

Vulnerabilities in Xine-Lib and Mplayer

Vulnerabilities have been discovered in two major media players for Linux. A Xine-Lib vulnerability also affects Mplayer.

more »
Ubuntu Patches Vorbis Tools

The Ubuntu security team has released an update to close a vulnerability in the Vorbis Tools for editing music files in Ogg-Vorbis format.

more »
Special Patch for IE Security Hole, Users Move to Firefox

Microsoft has decided to issue a special patch outside its usual patchday rhythm for all its Internet Explorer versions to close a severe vulnerability issue. Downloads of Firefox have accordingly skyrocketed.

more »
Bugs: Update Required for Firefox & Co.

The Mozilla project has released an updated version of its Firefox browser to close various vulnerabilities.

more »
Command Line: MPlayer and MEncoder

MPlayer and MEncoder have considerable potential, and you can control them by means of intelligent command-line options. We’ll put both programs to work.

more »

comments powered by Disqus

Issue 202/2017

Buy this issue as a PDF

Digital Issue: Price $9.99

(incl. VAT)

DevOps

Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.

News

LibreOffice 5.4 Released

Comes with improved support for Microsoft Office file formats.
Red Hat to Drop Support for Btrfs

The company is building their own storage solution called Stratis.
Reinvent your network with DevOps tools and techniques:

Opportunities and Risks: Containers for DevOps
Automated Builds Using CentOS 7 and Kickstart
Elasticsearch, Logstash, and Kibana – The ELK stack
Are you ready for DevOps? Try your luck with the beta version of Linux Professional Institute's new DevOps exam.
Kolab Now Integrates Collabora Online

Kolab Now subscribers now have access to Collabora Online.
Endless OS, a Distribution Without Internet

A new version of Endless OS has been released.
GitHub Announces Open Source Friday Program

They encourage people to take time out and work on open source projects on Friday.
System76 Announces Their Own Distro, Pop!_OS

Pop!_OS is based on Ubuntu and uses the Gnome stack.
Linus Torvalds Talks About His Motivation

He never tires of working on the Linux kernel.
Debian 9 Stretches Its Wings

The new release of Debian has a very strong focus on security.
Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

Two trojans in the wild are targeting Linux machines.