FreeBSD : mplayer -- DMO File Parsing Buffer Overflow Vulnerability (abeb9b64-ce50-11db-bc24-0016179b2dd5)

High Nessus Plugin ID 24798


The remote FreeBSD host is missing one or more security-related updates.


'Moritz Jodeit reports :

There's an exploitable buffer overflow in the current version of MPlayer (v1.0rc1) which can be exploited with a maliciously crafted video file. It is hidden in the DMO_VideoDecoder() function of `loader/dmo/DMO_VideoDecoder.c' file.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 24798

File Name: freebsd_pkg_abeb9b64ce5011dbbc240016179b2dd5.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2007/03/12

Modified: 2016/05/05

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mplayer, p-cpe:/a:freebsd:freebsd:mplayer-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk, p-cpe:/a:freebsd:freebsd:mplayer-gtk-esound, p-cpe:/a:freebsd:freebsd:mplayer-gtk2, p-cpe:/a:freebsd:freebsd:mplayer-gtk2-esound, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2007/03/09

Vulnerability Publication Date: 2007/02/11

Reference Information

CVE: CVE-2007-1246

BID: 22771

CWE: 119