GLSA-200412-21 : MPlayer: Multiple overflows

medium Nessus Plugin ID 16011

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200412-21 (MPlayer: Multiple overflows)

iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer. These include potential heap overflows in the Real RTSP and pnm streaming code, stack overflows in the MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

Impact :

A remote attacker could craft a malicious file or design a malicious streaming server. Using MPlayer to view this file or connect to this server could trigger an overflow and execute attacker-controlled code.

Workaround :

There is no known workaround at this time.

Solution

All MPlayer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_pre5-r5'

See Also

http://www.nessus.org/u?cdbcba84

http://www.nessus.org/u?12ef3169

http://www.nessus.org/u?4c7dac8f

http://www.nessus.org/u?fbfaeb90

https://security.gentoo.org/glsa/200412-21

Plugin Details

Severity: Medium

ID: 16011

File Name: gentoo_GLSA-200412-21.nasl

Version: 1.19

Type: local

Published: 12/20/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mplayer, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 12/20/2004

Vulnerability Publication Date: 12/16/2004

Reference Information

GLSA: 200412-21