For high values of the 2 bytes strf parameter in the audio header of a video file, it is possible to overflow sh_audio->a_buffer, overwrite the instruction pointer and execute arbitrary code. http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt Note that the advisory lists only the latest versions as vulnerable, but doesn't exclude older versions as unaffected.
*** This bug has been marked as a duplicate of 103555 ***