Explore top 10 tips to secure your open-source projects now. Read More
×
Several issues have been found in mplayer, a movie player for Unix-like systems. They are basically related to buffer overflows, divide by zero or out of . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3255-1
The package mplayer before version 37857-1 is vulnerable to denial of service. . Arch Linux Security Advisory ASA-201605-11 ========================================= Severity: Medium Date : 2016-05-07 CVE-ID : CVE-2016-4352 Package : mplayer Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package mplayer before version 37857-1 is vulnerable to denial of service. Resolution ========= Upgrade to 37857-1. # pacman -Syu "mplayer> =37857-1" The problem has been fixed upstream in version 37857. Workaround ========= None. Description ========== A vulnerability has been discovered that is leading to a crash when playing a fuzzed gif file. The gif demuxes assumed in many places that width*height is
New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] MPlayer (SSA:2016-034-02) New MPlayer packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz: Upgraded. This is the latest MPlayer-1.2 branch, identical to the 1.2.1 stable release. The bundled ffmpeg has been upgraded to 2.8.5, which fixes two security issues by which a remote attacker may conduct a cross-origin attack and read arbitrary files on the system. For more information, see: https://www.cve.org/CVERecord?id=CVE-2016-1897 https://www.cve.org/CVERecord?id=CVE-2016-1898 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you. Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.0.txz Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.0.txz Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.1.txz Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.1.txz Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/MPlayer-1.2_20160125-i486-1_slack13.37.txz Updated package forSlackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack13.37.txz Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/MPlayer-1.2_20160125-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/MPlayer-1.2_20160125-x86_64-1_slack14.1.txz Updated package for Slackware -current: Updated package for Slackware x86_64 -current: MD5 signatures: +-------------+ Slackware 13.0 package: ae6fb26d324d92424d7a2c916ad3db5c MPlayer-1.2_20160125-i486-1_slack13.0.txz Slackware x86_64 13.0 package: 829a450e5e3e210900285362f89d4d20 MPlayer-1.2_20160125-x86_64-1_slack13.0.txz Slackware 13.1 package: 47180e392294fdc4af5c7bb0b3726bd1 MPlayer-1.2_20160125-i486-1_slack13.1.txz Slackware x86_64 13.1 package: 2b46c4fc104775fda7fb66dc5e4c9fab MPlayer-1.2_20160125-x86_64-1_slack13.1.txz Slackware 13.37 package: 555698c9f7e19698d11af54c30010420 MPlayer-1.2_20160125-i486-1_slack13.37.txz Slackware x86_64 13.37 package: e838620fff3b7897c4abf400b7d6cc44 MPlayer-1.2_20160125-x86_64-1_slack13.37.txz Slackware 14.0 package: 4a553ffaa10ab8449cf57290044710d7 MPlayer-1.2_20160125-i486-1_slack14.0.txz Slackware x86_64 14.0 package: 3af17776a3215a2e29cce431a2d09529 MPlayer-1.2_20160125-x86_64-1_slack14.0.txz Slackware 14.1 package: 5f3162bcdb712761405a6c12425de3a8 MPlayer-1.2_20160125-i486-1_slack14.1.txz Slackware x86_64 14.1 package: 6877204e82bc69b766956a8e7cc2f8e5 MPlayer-1.2_20160125-x86_64-1_slack14.1.txz Slackware -current package: 270a1cf094a3175084f99fa13a2de51e xap/MPlayer-1.2_20160125-i586-1.txz Slackware x86_64 -current package: c24b4bd9c2c206f58f512cf113ad9d79 xap/MPlayer-1.2_20160125-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg MPlayer-1.2_20160125-i486-1_slack14.1.txz +-----+ . MPlayer security patch released for various Slackware versions addressing urgent vulnerabilities. Refer to the specifics and installation guidance.. MPlayer Security Update, Slackware Packages, Remote Exploit Fix. . Severity: Important. LinuxSecurity.com Team
tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an . - ------------------------------------------------------------------------ Debian Security Advisory DSA-2044-1
Several vulnerabilities have been discovered in mplayer, a movie player for Unix-like systems. The Common Vulnerabilities and Exposures project identifies the following problems: . - ------------------------------------------------------------------------ Debian Security Advisory DSA-1782-1
Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200901-07:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MPlayer: Multiple vulnerabilities Date: January 12, 2009 Updated: January 12, 2009 Bugs: #231836, #239130, #251017 ID: 200901-07:02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Background ========= MPlayer is a media player including support for a wide range of audio and video formats. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 mplayer < 1.0_rc2_p28058-r1 > = 1.0_rc2_p28058-r1 Description ========== Multiple vulnerabilities have been reported in MPlayer: * A stack-based buffer overflow was found in the str_read_packet() function in libavformat/psxstr.c when processing crafted STR files that interleave audio and video sectors (CVE-2008-3162). * Felipe Andres Manzano reported multiple integer underflows in the demux_real_fill_buffer() function in demux_real.c when processing crafted Real Media files that cause the stream_read() function to read or write arbitrary memory (CVE-2008-3827). * Tobias Klein reported a stack-based buffer overflow in the demux_open_vqf() function in libmpdemux/demux_vqf.c when processing malformed TwinVQ files (CVE-2008-5616). Impact ===== A remote attacker could entice a user to opena specially crafted STR, Real Media, or TwinVQ file to execute arbitrary code or cause a Denial of Service. Workaround ========= There is no known workaround at this time. Resolution ========= All MPlayer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-video/mplayer-1.0_rc2_p28058-r1 " References ========= [ 1 ] CVE-2008-3162 https://www.cve.org/CVERecord?id=CVE-2008-3162 [ 2 ] CVE-2008-3827 https://www.cve.org/CVERecord?id=CVE-2008-3827 [ 3 ] CVE-2008-5616 https://www.cve.org/CVERecord?id=CVE-2008-5616 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200901-07 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Stefan Cornelius and Reimar Doeffinger discovered that the MPlayer movie player performs insufficient boundary checks when accessing CDDB data, which might lead to the execution of arbitrary code.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1313-1
A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200702-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: MPlayer: Buffer overflow Date: February 27, 2007 Bugs: #159727 ID: 200702-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow was found in MPlayer's RTSP plugin that could lead to a Denial of Service or arbitrary code execution. Background ========= MPlayer is a media player capable of playing multiple media formats. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/mplayer < 1.0_rc1-r2 > = 1.0_rc1-r2 Description ========== When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Impact ===== An attacker can entice a user to connect to a manipulated RTSP server resulting in a Denial of Service and possibly execution of arbitrary code. Workaround ========= There is no known workaround at this time. Resolution ========= All MPlayer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =media-video/mplayer-1.0_rc1-r2" References ========= [ 1 ] Original Advisory http://www.mplayerhq.hu/design7/news.html#vuln14 [ 2 ] CVE-2006-6172 https://www.cve.org/CVERecord?id=CVE-2006-6172 Availability =========== This GLSA andany updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200702-11 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Get the latest Linux and open source security news straight to your inbox.