Advisories MDKSA-2006:175: Updated mplayer packages fix buffer overflow vulnerabilities

[paul]

Mplayer uses an embedded copy of ffmpeg and as such has been updated to

address the following issue: Multiple buffer overflows in libavcodec

in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a

denial of service or possibly execute arbitrary code via multiple

unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,

(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)

cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.

NOTE: it is likely that this is a different vulnerability than

CVE-2005-4048 and CVE-2006-2802.

 

Updated packages have been patched to correct this issue.