Several vulnerabilities have been discovered in mplayer, a movie player
for Unix-like systems. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-0385

    It was discovered that watching a malformed 4X movie file could lead to
    the execution of arbitrary code.

CVE-2008-4866

    It was discovered that multiple buffer overflows could lead to the
    execution of arbitrary code.

CVE-2008-5616

    It was discovered that watching a malformed TwinVQ file could lead to
    the execution of arbitrary code.

For the oldstable distribution (etch), these problems have been fixed
in version 1.0~rc1-12etch7.
For the stable distribution (lenny), mplayer links against
ffmpeg-debian.
For the testing distribution (squeeze) and the unstable distribution
(sid), mplayer links against ffmpeg-debian.
We recommend that you upgrade your mplayer packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are ...