MPlayer allows remote attackers to cause a denial of service
(application crash) via (1) a malformed AAC file, as demonstrated by
lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated
by lol-ffplay.ogm, different vectors than CVE-2007-6718.
MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of
service (SIGSEGV and application crash) via (1) a malformed MP3 file,
as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as
demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as
demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as
demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as
demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as
demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as
demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as
demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as
demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap
CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.
I don't think anyone claimed anything more than a crash on these issues yet.
Upstream has patches for few issues, but some are unconfirmed or not followed up on:
It's unclear if code execution is possible, these bugs were found by fuzzing and not examined closely. Hanno also labled this "crashers / potential security risks in mplayer".
There is no <=media-video/mplayer-1.0_rc2_p28058-r1 in portage any more.
From what I can tell looking at the ffmpeg changelog included in our stable mplayer, the bundled version is more recent than ffmpeg 0.6, which is more recent than the fixed version listed in the original third-party advisory at , which states:
Upgrade to FFmpeg SVN trunk >= revision 16846
Moving this to [glsa] and please comment if you disagree with the above (not so stellar) analysis. Will GLSA with other mplayer issues.
This issue was resolved and addressed in
GLSA 201310-13 at http://security.gentoo.org/glsa/glsa-201310-13.xml
by GLSA coordinator Sean Amoss (ackle).