Today a security vulnerability for mplayer was reported: Security Advisories: http://www.mplayerhq.hu/homepage/design6/news.html http://www.securityfocus.com/archive/1/359025 Severity: HIGH (if playing HTTP streaming content) LOW (if playing only normal files) Description: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header. MPlayer versions affected: MPlayer 0.90pre series MPlayer 0.90rc series MPlayer 0.90 MPlayer 0.91 MPlayer 1.0pre1 MPlayer 1.0pre2 MPlayer 1.0pre3 MPlayer versions unaffected: MPlayer releases before 0.60pre1 MPlayer 0.92.1 MPlayer 1.0pre3try2 MPlayer 0_92 CVS MPlayer HEAD CVS Notification status: Developers were notified on 2004.03.29 (by "blexim") Fix was commited into HEAD CVS at 2004.03.30 12:58:43 CEST MPlayer 0.92.1 (vuln-fix-only release) was released on 2003.03.30 16:45:00 CEST MPlayer 1.0pre3try2 (vuln-fix-only release) was released on 2003.03.30 16:51:00 CEST Patch availability: A patch is available for all vulnerable versions here. http://www.mplayerhq.hu/MPlayer/patches/vuln02-fix.diff Suggested upgrading methods: MPlayer 1.0pre3 users should upgrade to latest CVS MPlayer 0.92 (and below) users should upgrade to 0.92.1 OR latest CVS
*** This bug has been marked as a duplicate of 46246 ***
