[Bug 678] New: MPlayer-1.0pre3try2

blfs-bugs at linuxfromscratch.org blfs-bugs at linuxfromscratch.org
Tue Mar 30 13:13:05 PST 2004


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=678

           Summary: MPlayer-1.0pre3try2
           Product: Beyond LinuxFromScratch
           Version: CVS
          Platform: PC
               URL: http://www.mplayerhq.hu/
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: igor at linuxfromscratch.org
         QAContact: blfs-book at linuxfromscratch.org


Vulnerability fix.

Severity:
HIGH (if playing HTTP streaming content)
LOW (if playing only normal files)

Description:
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A
malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer
into executing arbitrary code upon parsing that header.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.



More information about the blfs-book mailing list