Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.
Software | From | Fixed in |
---|---|---|
mplayer / mplayer | - | 1.0_rc2.x |
mplayer / mplayer | 0.90 | 0.90.x |
mplayer / mplayer | 0.90_pre | 0.90_pre.x |
mplayer / mplayer | 0.90_rc | 0.90_rc.x |
mplayer / mplayer | 0.90_rc4 | 0.90_rc4.x |
mplayer / mplayer | 0.91 | 0.91.x |
mplayer / mplayer | 0.92 | 0.92.x |
mplayer / mplayer | 0.92_cvs | 0.92_cvs.x |
mplayer / mplayer | 0.92.1 | 0.92.1.x |
mplayer / mplayer | 1.0_pre1 | 1.0_pre1.x |
mplayer / mplayer | 1.0_pre2 | 1.0_pre2.x |
mplayer / mplayer | 1.0_pre3 | 1.0_pre3.x |
mplayer / mplayer | 1.0_pre3try2 | 1.0_pre3try2.x |
mplayer / mplayer | 1.0_pre4 | 1.0_pre4.x |
mplayer / mplayer | 1.0_pre5 | 1.0_pre5.x |
mplayer / mplayer | 1.0_pre5try1 | 1.0_pre5try1.x |
mplayer / mplayer | 1.0_pre5try2 | 1.0_pre5try2.x |
mplayer / mplayer | 1.0_pre6 | 1.0_pre6.x |
mplayer / mplayer | 1.0_pre7 | 1.0_pre7.x |
mplayer / mplayer | 1.0_pre7try2 | 1.0_pre7try2.x |
mplayer / mplayer | 1.0_rc1 | 1.0_rc1.x |