In association with heise online

15 December 2008, 15:10

Buffer overflow in MPlayer media player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of the free MPlayer media player have fixed a buffer overflow which can be triggered using specially crafted TwinVQ files. The flaw is contained in the demux_open_vqf() function in libmpdemux/demux_vqf.c. Its discoverer Tobias Klein says this can potentially be used to inject and execute arbitrary code. According to the advisory, the problem affects all of the MPlayer versions before 1.0rc2 r28150 (or before r28149 in the repository).

To update, users can obtain the corrected version from the repository and compile it themselves. Otherwise, they can wait for the release of the unofficial packages for Windows. Linux users can also wait for new packages from their Linux distributors.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit