FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mplayer -- vulnerability in STR files processor

Affected packages
mplayer < 0.99.11_10
mplayer-esound < 0.99.11_10
mplayer-gtk < 0.99.11_10
mplayer-gtk-esound < 0.99.11_10
mplayer-gtk2 < 0.99.11_10
mplayer-gtk2-esound < 0.99.11_10

Details

VuXML ID 5ccb1c14-e357-11dd-a765-0030843d3802
Discovery 2008-07-09
Entry 2009-01-15

Secunia reports:

The vulnerability is caused due to a boundary error within the "str_read_packet()" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file.

References

Bugtraq ID 30157
CVE Name CVE-2008-3162
URL http://secunia.com/advisories/30994
URL https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311