GLSA-200504-19 : MPlayer: Two heap overflow vulnerabilities
High Nessus Plugin ID 18102
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200504-19 (MPlayer: Two heap overflow vulnerabilities)
Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running MPlayer.
There is no known workaround at this time.
SolutionAll MPlayer users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_pre6-r4'