FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mplayer -- multiple integer overflows

Affected packages
mplayer < 0.99.11_7
mplayer-esound < 0.99.11_7
mplayer-gtk < 0.99.11_7
mplayer-gtk-esound < 0.99.11_7
mplayer-gtk2 < 0.99.11_7
mplayer-gtk2-esound < 0.99.11_7


VuXML ID 724e6f93-8f2a-11dd-821f-001cc0377035
Discovery 2008-09-30
Entry 2008-10-01
Modified 2008-10-02

The oCERT team reports:

The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory.


CVE Name CVE-2008-3827