FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mplayer -- heap overflow in the ASF demuxer

Affected packages
mplayer < 0.99.7_11
mplayer-esound < 0.99.7_11
mplayer-gtk < 0.99.7_11
mplayer-gtk-esound < 0.99.7_11

Details

VuXML ID 104beb63-af4d-11da-8414-0013d4a4a40e
Discovery 2006-02-15
Entry 2006-03-09

The MPlayer team reports:

A potential buffer overflow was found in the ASF demuxer. Arbitrary remote code execution is possible (under the user ID running the player) when streaming an ASF file from a malicious server or local code execution (under the user ID running the player) if a malicious ASF file is played locally.

References

CVE Name CVE-2006-0579
URL http://bugs.gentoo.org/show_bug.cgi?id=122029
URL http://secunia.com/advisories/18718
URL http://www.mplayerhq.hu/design7/news.html#vuln13