Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:230: mplayer Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the mplayer package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:230 (mplayer).
Simon Kilvington discovered a vulnerability in FFmpeg libavcodec that can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a user's system. The vulnerability is caused by a
boundary error in the 'avcodec_default_get_buffer()' function of 'utils.c' in
libavcodec. This can be exploited to cause a heap-based buffer overflow when a
specially crafted 1x1 '.png' file containing a palette is read. MPlayer is
built with a private copy of FFmpeg containing this same code. The updated
packages have been patched to prevent this problem.
Solution: http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:230
Threat Level: High