Buffer overflow in MPlayer media player
The developers of the free MPlayer media player have fixed a buffer overflow which can be triggered using specially crafted TwinVQ files. The flaw is contained in the
demux_open_vqf() function in
libmpdemux/demux_vqf.c. Its discoverer Tobias Klein says this can potentially be used to inject and execute arbitrary code. According to the advisory, the problem affects all of the MPlayer versions before 1.0rc2 r28150 (or before r28149 in the repository).
To update, users can obtain the corrected version from the repository and compile it themselves. Otherwise, they can wait for the release of the unofficial packages for Windows. Linux users can also wait for new packages from their Linux distributors.