Jump to content

Advisories (MDKSA-2006:068 ): mplayer


aru
 Share

Recommended Posts

Mandriva Advisories MDKSA-2006:068 : mplayer

 

Updated mplayer packages fix integer overflow vulnerabilities

April 7th, 2006

 

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. The updated packages have been patched to prevent this problem.

 

 

The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • 2006.0

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:068

 

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1502

 

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)

Link to comment
Share on other sites

 Share

×
×
  • Create New...