A buffer overflow was found in the code used to extract album
titles from CDDB server answers. When parsing answers from the
CDDB server, the album title is copied into a fixed-size buffer
with insufficient size checks, which may cause a buffer overflow.
A malicious database entry could trigger a buffer overflow in the
program. That can lead to arbitrary code execution with the UID of
the user running MPlayer.
A buffer overflow was found in the code used to escape URL
strings. The code used to skip over IPv6 addresses can be tricked
into leaving a pointer to a temporary buffer with a non-NULL value;
this causes the unescape code to reuse the buffer, and may lead to
a buffer overflow if the old buffer is smaller than required.
A malicious URL string may be used to trigger a buffer overflow in
the program, that can lead to arbitrary code execution with the UID
of the user running MPlayer.
A buffer overflow was found in the code used to parse MOV file
headers. The code read some values from the file and used them as
indexes into as array allocated on the heap without performing any
boundary check. A malicious file may be used to trigger a buffer
overflow in the program. That can lead to arbitrary code execution
with the UID of the user running MPlayer.