The vulnerability is caused by a boundary error within the "sub_read_line_sami()" function in subreader.c and can be exploited to cause a stack-based buffer overflow via a specially crafted SAMI subtitle file.
The trivial change looks to be listed at: http://mplayerhq.hu/pipermail/mplayer-cvslog/2011-May/042075.html
*** Bug 385743 has been marked as a duplicate of this bug. ***
+*mplayer-1.0_rc4_p20110322-r1 (06 Oct 2011)
+
+  06 Oct 2011; Samuli Suominen <ssuominen@gentoo.org>
+  +mplayer-1.0_rc4_p20110322-r1.ebuild,
+  +files/mplayer-1.0_rc4_p20110322-sami_subtitle_parsing.patch:
+  Fix security bug (SAMI Subtitle Parsing Buffer Overflow) #379297 by Agostino
+  Sarubbo
And blocking bug 384701 because this version is required also for libpng15 compatibility.
Thanks Samuli. Arches, please test and mark stable: =mplayer-1.0_rc4_p20110322-r1

Target KEYWORDS: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 ok
+  06 Oct 2011; Steve Dibb <beandog@gentoo.org>
+  mplayer-1.0_rc4_p20110322-r1.ebuild:
+  amd64 stable, security bug 379297
amd64: ok
x86 stable
arm stable
Stable for HPPA.
ppc/ppc64 stable
alpha/ia64/sparc stable
Thanks, everyone. Added to existing GLSA request.
(In reply to comment #4)
> And blocking bug 384701 because this version is required also for libpng15
> compatibility.

And removing now, since this is stable everywhere so it doesn't "show up" in the blockers list anymore. Sort of useless bugspam, sorry about that.
This issue was resolved and addressed in GLSA 201310-13 at http://security.gentoo.org/glsa/glsa-201310-13.xml by GLSA coordinator Sean Amoss (ackle).