GLSA-200412-21 : MPlayer: Multiple overflows

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200412-21
(MPlayer: Multiple overflows)

iDEFENSE, Ariel Berkman and the MPlayer development team found
multiple vulnerabilities in MPlayer. These include potential heap
overflows in Real RTSP and pnm streaming code, stack overflows in MMST
streaming code and multiple buffer overflows in BMP demuxer and mp3lib
code.

Impact :

A remote attacker could craft a malicious file or design a
malicious streaming server. Using MPlayer to view this file or connect
to this server could trigger an overflow and execute
attacker-controlled code.

Workaround :

There is no known workaround at this time.

See also :

http://www.nessus.org/u?cdbcba84
http://www.nessus.org/u?12ef3169
http://www.nessus.org/u?4c7dac8f
http://www.nessus.org/u?fbfaeb90
http://www.gentoo.org/security/en/glsa/glsa-200412-21.xml

Solution :

All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_pre5-r5'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 16011 (gentoo_GLSA-200412-21.nasl)

Bugtraq ID:

CVE ID: