MPlayer contains a stack buffer overflow vulnerability while parsing
malformed TwinVQ media files. The vulnerability may be exploited by a
(remote) attacker to execute arbitrary code in the context of MPlayer.
Fix in SVN:
Also from Secunia:
*** Bug 251277 has been marked as a duplicate of this bug. ***
This has been assigned CVE-2008-5616
Patch applied in mplayer-1.0_rc2_p28058-r1
Stack-based buffer overflow in the demux_open_vqf function in
libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote
attackers to execute arbitrary code via a malformed TwinVQ file.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Stable for HPPA.
*** Bug 251567 has been marked as a duplicate of this bug. ***
Stable on alpha.
GLSA together with bug 239130 and bug 231836.
GLSA 200901-07. Thanks everyone, sorry about the delay.