|Category:||FreeBSD Local Security Checks|
|Title:||mplayer -- multiple vulnerabilities|
|Summary:||mplayer -- multiple vulnerabilities|
|Description:||The remote host is missing an update to the system|
as announced in the referenced advisory.
The following packages are affected:
Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and
earlier might allow remote attackers to execute arbitrary code via a
QuickTime MOV file with a crafted stsc atom tag.
Array index vulnerability in libmpdemux/demux_audio.c in MPlayer
1.0rc2 and SVN before r25917, and possibly earlier versions, as used
in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary
code via a crafted FLAC tag, which triggers a buffer overflow.
Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before
r25824 allows remote user-assisted attackers to execute arbitrary code
via a CDDB database entry containing a long album title.
Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823
allows remote attackers to execute arbitrary code via a crafted URL
that prevents the IPv6 parsing code from setting a pointer to NULL,
which causes the buffer to be reused by the unescape code.
Update your system with the appropriate patches or
Common Vulnerability Exposure (CVE) ID: CVE-2008-0485|
Bugtraq: 20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference (Google Search)
Debian Security Information: DSA-1496 (Google Search)
BugTraq ID: 27499
Common Vulnerability Exposure (CVE) ID: CVE-2008-0486
Bugtraq: 20080204 CORE-2007-1218: MPlayer 1.0rc2 buffer overflow vulnerability (Google Search)
Debian Security Information: DSA-1536 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:006 (Google Search)
BugTraq ID: 27441
Common Vulnerability Exposure (CVE) ID: CVE-2008-0629
BugTraq ID: 27765
Common Vulnerability Exposure (CVE) ID: CVE-2008-0630
BugTraq ID: 27766
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 39644 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.