Critical hole in Mplayer
MPlayer, the free movie player, has a critical vulnerability according to an advisory from OCert. The issue is related to MPlayer's playback of RealPlayer streams; the demuxer code in demux_real.c
has three integer underflows which can be manipulated by a crafted video file to make the stream_read function overwrite arbitrary amounts of memory, which in turn can lead to a crash or a heap overflow exploit.
The issue affects all versions of MPlayer, up to and including the latest MPlayer 1.0_RC2, but there has been no official update to MPlayer yet. OCert have made available a patch for MPlayer for users and distributions who can patch and build from MPlayer source code.
See also:
- MPlayer Real demuxer heap overflow, oCert Advisory
(djwm)