Gentoo Linux Security Advisory GLSA 200901-07:02 - Multiple vulnerabilities in MPlayer may lead to the execution of arbitrary code or a Denial of Service. Versions less than 1.0_rc2_p28058-r1 are affected.
a0d17e5282ee3f678c9d2f0857185c3ffd590e9cd23b30ec57e917b7dd662cb4
Mandriva Linux Security Advisory - A vulnerability that was discovered in xine-lib that allowed remote RTSP servers to execute arbitrary code via a large streamid SDP parameter also affects MPlayer. Several integer overflows were discovered by Felipe Andres Manzano in MPlayer's Real video stream demuxing code. These vulnerabilities could allow an attacker to cause a crash or possibly execute arbitrary code by supplying a malicious crafted video file. The updated packages have been patched to fix these issues. Note that CVE-2008-3827 was already corrected in the Mandriva Linux 2009 packages.
066d0295c5e7993cf9dc8e543353f75479252803b2356b941a661066f30a1f4f
Debian Security Advisory 1644-1 - Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially the execution of arbitrary code by supplying a maliciously crafted video file.
0b14a7c5b18a785119de3447fb6fe29091f332d5abf5c2cba8a5d7322d7cd885
The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory. Versions 1.0 RC2 and below are affected.
f47bbc552774c9b5545581209953d5f8219b79416c8f70eb63e89a8fd31e6423