This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200603-03
(MPlayer: Multiple integer overflows)
MPlayer makes use of the FFmpeg library, which is vulnerable to a heap
overflow in the avcodec_default_get_buffer() function discovered by
Simon Kilvington (see GLSA 200601-06). Furthermore, AFI Security
Research discovered two integer overflows in ASF file format decoding,
in the new_demux_packet() function from libmpdemux/demuxer.h and the
demux_asf_read_packet() function from libmpdemux/demux_asf.c.
An attacker could craft a malicious media file which, when opened using
MPlayer, would lead to a heap-based buffer overflow. This could result
in the execution of arbitrary code with the permissions of the user
There is no known workaround at this time.
See also :
All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0.20060217'
Risk factor :
High / CVSS Base Score : 7.5