AFI Security Research has discovered two vulnerabilities in mplayer, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Integer overflow errors exist in the "new_demux_packet()" function in "libmpdemux/demuxer.h" and the "demux_asf_read_packet()" function in "libmpdemux/demux_asf.c" when allocating memory to copy data from an ".asf" file. This can be exploited to cause heap-based buffer overflows via a specially crafted ".asf" file with an overly large value in the packet length field.
The vulnerabilities have been confirmed in version 1.0pre7try2. Other versions may also be affected.
Solution: Do not open untrusted ".asf" files.
Provided and/or discovered by: AFI Security Research
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org