• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MPlayer 'stream_read' Function Remote Heap Based Buffer Overflow Vulnerability

Solution:
A patch and an advisory are available to address this issue. Please see the references for more information.


MandrakeSoft Linux Mandrake 2008.1 x86_64

• Mandriva mencoder-1.0-1.rc2.10.4mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc2.10.4mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc2.10.4mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc2.10.4mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2008.1

• Mandriva mencoder-1.0-1.rc2.10.4mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc2.10.4mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc2.10.4mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc2.10.4mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/

MPlayer MPlayer 1.0rc2

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 -rc1

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0pre7try2

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MandrakeSoft Linux Mandrake 2008.0 x86_64

• Mandriva mencoder-1.0-1.rc1.20.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc1.20.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc1.20.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc1.20.5mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

MPlayer MPlayer 1.0

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MandrakeSoft Linux Mandrake 2008.0

• Mandriva libdha1.0-1.0-1.rc1.20.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mencoder-1.0-1.rc1.20.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc1.20.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc1.20.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc1.20.5mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2009.0

• Mandriva mencoder-1.0-1.rc2.18.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc2.18.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc2.18.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc2.18.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake 2009.0 x86_64

• Mandriva mencoder-1.0-1.rc2.18.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-1.rc2.18.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-doc-1.0-1.rc2.18.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-1.rc2.18.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

MPlayer MPlayer 0.9 0rc4

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.90 pre series

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.90

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.90 rc series

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.91

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.92

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 0.92.1

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre3

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre4

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre6-3.3.5-20050130

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre6-r4

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre5

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre6

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre5try2

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre1

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre2

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre5try1

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MPlayer MPlayer 1.0 pre3try2

• MPlayer mplayer_demux_real.patch
  http://www.ocert.org/patches/2008-013/mplayer_demux_real.patch

MandrakeSoft Corporate Server 3.0 x86_64

• Mandriva lib64postproc0-1.0-0.pre3.14.17.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva lib64postproc0-devel-1.0-0.pre3.14.17.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mencoder-1.0-0.pre3.14.17.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-0.pre3.14.17.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-0.pre3.14.17.C30mdk.x86_64.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 3.0

• Mandriva libdha0.1-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libpostproc0-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva libpostproc0-devel-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mencoder-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mplayer-gui-1.0-0.pre3.14.17.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/