Detections
Analytics

Debian DSA-2044-1 : mplayer - integer overflow

high Nessus Plugin ID 46315

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.

No Common Vulnerabilities and Exposures project identifier is available for this issue.

Solution

Upgrade the mplayer packages.

For the stable distribution (lenny), this problem has been fixed in version 1.0~rc2-17+lenny3.2.

See Also

https://www.debian.org/security/2010/dsa-2044

Plugin Details

Severity: High

ID: 46315

File Name: debian_DSA-2044.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/12/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:mplayer, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 5/11/2010

Reference Information

DSA: 2044