Multiple critical vulnerabilities in MPlayer
Three patches have been published for the open source MPlayer media player which close several security holes. The flaws allow attackers to provoke buffer overflows in components of the player.
A buffer overflow in the url_escape_string function in the stream/url.c file can be provoked when processing certain URLs. An array indexing error can occur in the mov_build_index function in the libmpdemux/demux_mov.c file when parsing crafted MOV files. Comments in FLAC files can provoke a buffer overflow in get_flac_metadata (libmpdemux/demux_audio.c). A buffer overflow can be provoked in the code that evaluates responses from CDDB servers.
Versions 1.0rc2 and earlier are affected. If your source is from the Subversion repository, an update (svn up) is sufficient; otherwise the patches should be installed individually.
- Security advisory and patches, on MPlayerhq.hu
- MPlayer arbitrary pointer dereference, security advisory from CORE Security
- MPlayer 1.0rc2 buffer overflow vulnerability, security advisory from CORE Security