FreeBSD : mplayer heap overflow in http requests (5e7f58c3-b3f8-4258-aeb8-795e5e940ff8)

High Nessus Plugin ID 12581


The remote FreeBSD host is missing one or more security-related updates.


A remotely exploitable heap buffer overflow vulnerability was found in MPlayer's URL decoding code. If an attacker can cause MPlayer to visit a specially crafted URL, arbitrary code execution with the privileges of the user running MPlayer may occur. A `visit' might be caused by social engineering, or a malicious web server could use HTTP redirects which MPlayer would then process.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 12581

File Name: freebsd_mplayer_0921.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2004/07/06

Modified: 2014/09/18

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mplayer, p-cpe:/a:freebsd:freebsd:mplayer-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk, p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/03/31

Vulnerability Publication Date: 2004/03/30