Severity:
    HIGH (if playing ASX streaming content)
    LOW (if playing only normal files)

Description:
    A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.

MPlayer versions affected:
    MPlayer 0.90pre series
    MPlayer 0.90rc series
    MPlayer 0.90
    MPlayer 0.91
    MPlayer 1.0pre1

MPlayer versions unaffected:
    MPlayer releases before 0.90pre1
    MPlayer 0.92
    MPlayer HEAD CVS

Url: http://www.mplayerhq.hu/homepage/design6/news.html

Fix:
    - Upgrade to 0.92 to plug the exploitable vulnerability.
    - Add RUN_DEPENDS of mplayer-skins in the WITH_GUI define. Remove the message telling the user to go to the MPlayer website and download the skins. I think it's silly, and RUN_DEPENDS should be added since we have multimedia/mplayer-skins.

    On another note: Please double-check the mplayer-0.9.1-v6-20030825.diff.gz, just in case. I didn't find anything wrong with it, though, when applying it with 0.92 and running mplayer.

How-To-Repeat:
    n/a

State Changed
From-To: open->closed

Superseded by ports/57324.