GLSA 200702-11: MPlayer: Buffer overflow

Severity:normal
Title:MPlayer: Buffer overflow
Date:02/27/2007
Bugs: #159727
ID:200702-11

Synopsis

A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution.

Background

MPlayer is a media player capable of playing multiple media formats.

Affected packages

Package Vulnerable Unaffected Architecture(s)
media-video/mplayer < 1.0_rc1-r2 >= 1.0_rc1-r2 All supported architectures

Description

When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow.

Impact

An attacker can entice a user to connect to a manipulated RTSP server resulting in a Denial of Service and possibly execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All MPlayer users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/mplayer-1.0_rc1-r2"

References

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200702-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

Thank you!