In association with heise online

06 February 2008, 11:24

Multiple critical vulnerabilities in MPlayer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Three patches have been published for the open source MPlayer media player which close several security holes. The flaws allow attackers to provoke buffer overflows in components of the player.

A buffer overflow in the url_escape_string function in the stream/url.c file can be provoked when processing certain URLs. An array indexing error can occur in the mov_build_index function in the libmpdemux/demux_mov.c file when parsing crafted MOV files. Comments in FLAC files can provoke a buffer overflow in get_flac_metadata (libmpdemux/demux_audio.c). A buffer overflow can be provoked in the code that evaluates responses from CDDB servers.

Versions 1.0cr2 and earlier are affected. If your source is from the Subversion repository, an update (svn up) is sufficient, otherwise the patches should be installed individually.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit