Update eliminates two buffer overflows in MPlayer
Security service organisation Secunia has reported two vulnerabilities in the media player MPlayer through which a client PC could possibly be compromised. Both are caused by faults in the processing of CDDB data. If a user contacts a malicious CDDB server, crafted CDDB entries with overlong album or category titles can trigger buffer overflows in the module stream/stream_cddb.c, via which arbitrary code can be injected into the computer and executed in the client context.
The vulnerabilities were found in MPlayer 1.0rc1. It is very probable that previous versions are also affected. A patch eliminates the problem. In addition, Version 1.0rc1try3, in which the vulnerabilities have also been eliminated, is available in the Subversion repository. Users are expected to compile the new version themselves, as binaries are not yet available. Alternatively, the developers recommend discontinuing the use of CDDB, statically redirecting freedb.freedb.org to the loopback IP address 127.0.0.1 in the hosts file, or compiling MPlayer without CDDB support using the option --disable-cddb.
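The bug class described above, a server-supplied category or album title copied into a fixed-size buffer, is avoided by checking each field's length before copying. The following is an added example, not MPlayer's code or its patch: the struct, function names and buffer sizes are hypothetical, and the reply layout "200 <category> <discid> <title>" is assumed from the CDDB protocol's exact-match response.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define CATEGORY_MAX 32   /* hypothetical sizes, not MPlayer's */
#define TITLE_MAX    128

struct cddb_match {
    char category[CATEGORY_MAX];
    unsigned long disc_id;
    char title[TITLE_MAX];
};

/* Copy len bytes into dst only if they fit together with the terminator. */
static int copy_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0 || len >= cap)
        return -1;        /* empty or overlong: reject instead of overflowing */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Parse one untrusted server line "200 <category> <discid> <title>".
 * Returns 0 on success, -1 on malformed or overlong input. */
int parse_cddb_match(const char *line, struct cddb_match *out)
{
    const char *p, *end;
    char *stop;

    if (strncmp(line, "200 ", 4) != 0)
        return -1;
    p = line + 4;
    end = strchr(p, ' ');
    if (!end || copy_field(out->category, sizeof out->category, p, (size_t)(end - p)))
        return -1;
    p = end + 1;
    out->disc_id = strtoul(p, &stop, 16);          /* disc ID is hexadecimal */
    if (!isxdigit((unsigned char)*p) || *stop != ' ')
        return -1;
    p = stop + 1;
    return copy_field(out->title, sizeof out->title, p, strcspn(p, "\r\n"));
}

int main(void)
{
    struct cddb_match m;
    /* constructed sample reply, not captured traffic */
    return parse_cddb_match("200 rock f50a3b13 Artist / Album\r\n", &m) ? 1 : 0;
}
```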
- MPlayer 1.0rc1try3 released, announcement on the MPlayer mailing list
- MPlayer CDDB Parsing Buffer Overflows, error report from Secunia