-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: MPlayer TwinVQ Processing Stack Buffer Overflow Vulnerability Advisory ID: TKADV2008-014 Revision: 1.0 Release Date: 2008/12/14 Last Modified: 2008/12/14 Date Reported: 2008/12/07 Author: Tobias Klein (tk at trapkit.de) Affected Software: MPlayer 1.0rc2 < r28150 and MPlayer SVN trunk < r28149 Remotely Exploitable: Yes Locally Exploitable: No Vendor URL: http://www.mplayerhq.hu Vendor Status: Vendor has released an updated version Patch development time: 8 days ====================== Vulnerability Details: ====================== MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer.
*** This bug has been marked as a duplicate of bug 251017 ***