[arch] [security] Alert on mplayer fixed
JJDaNiMoTh
jjdanimoth at gmail.com
Tue Apr 10 09:58:12 EDT 2007
- ------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#15
- ------------------------------------------------------------
Name: mplayer
Date: 2007-03-09
Severity: Normal
Warning #: 2007-#15
- ------------------------------------------------------------
Product Background
===================
A movie player for linux
Problem Background
===================
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c
in MPlayer 1.0rc1 and earlier does not set the biSize before use in a
memcpy.
Impact
======
This problem allows user-assisted remote attackers to cause a buffer
overflow and possibly execute arbitrary code.
Problem Packages
===================
Package: mplayer
Repo: extra
Group: multimedia
Unsafe: <= 1.0rc1-4
Safe: >= 1.0rc1-5
Package Fix
===================
Upgrade to mplayer 1.0rc1-5
Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : http://archlinux.org/pipermail/arch/attachments/20070410/a52f04db/attachment-0002.bin
More information about the arch
mailing list