Debian Security Advisory
DSA-2044-1 mplayer -- integer overflow
- Date Reported:
- 11 May 2010
- Affected Packages:
- mplayer
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
tixxDZ (DZCORE labs) discovered a vulnerability in the mplayer movie player. Missing data validation in mplayer's real data transport (RDT) implementation enable an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.
No Common Vulnerabilities and Exposures project identifier is available for this issue.
For the stable distribution (lenny), this problem has been fixed in version 1.0~rc2-17+lenny3.2.
We recommend that you upgrade your mplayer packages.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb
- http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.