Vulnerability Reported: a Patch for MPlayer

Oct 02, 2008

The MPlayer multimedia project reports security holes in its Real demuxer code that can result in arbitrary code execution.

The three vulnerable spots in the MPlayer code that Felipe Andres Manzano discovered, and reported in an oCERT advisory, all lead to the same possibility: an attacker can create a specially crafted video file that exploits a heap overflow to compromise the program. Such a video can make the stream_read function read or write arbitrary amounts of memory, resulting in unexpected code execution and possibly process termination. The affected MPlayer versions are 1.0 RC2 and earlier. The advisory references the required patch.
