Mandrake Linux Security Advisory : mplayer (MDKSA-2004:157)

Critical Nessus Plugin ID 16038


The remote Mandrake Linux host is missing one or more security updates.


A number of vulnerabilities were discovered in the MPlayer program by iDEFENSE, Ariel Berkman, and the MPlayer development team. These vulnerabilities include potential heap overflows in Real RTSP and pnm streaming code, stack overflows in MMST streaming code, and multiple buffer overflows in the BMP demuxer and mp3lib code.

The updated packages have been patched to prevent these problems.


Update the affected packages.

See Also

Plugin Details

Severity: Critical

ID: 16038

File Name: mandrake_MDKSA-2004-157.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/12/23

Modified: 2013/06/02

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64postproc0, p-cpe:/a:mandriva:linux:lib64postproc0-devel, p-cpe:/a:mandriva:linux:libdha0.1, p-cpe:/a:mandriva:linux:libdha1.0, p-cpe:/a:mandriva:linux:libpostproc0, p-cpe:/a:mandriva:linux:libpostproc0-devel, p-cpe:/a:mandriva:linux:mencoder, p-cpe:/a:mandriva:linux:mplayer, p-cpe:/a:mandriva:linux:mplayer-gui, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/12/22

Reference Information

CVE: CVE-2000-0174, CVE-2004-1285, CVE-2004-1309, CVE-2004-1310, CVE-2004-1311

MDKSA: 2004:157