Vulnerability Note VU#723910
MPlayer contains a buffer overflow in the HTTP parser
MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped.
MPlayer is a movie player for Linux and other Unix-based operating systems. MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped. When escaping characters in a URL, a single character may be replaced by three. For instance, the space character may be replaced by %20. There is a vulnerability in the way MPlayer allocates memory to store the escaped representation of the URL. By sending a "Location" HTTP header containing an overly long URL with many un-escaped characters, an attacker can trigger a buffer overflow.
According to the MPlayer Advisory, the following versions are affected:
By convincing a user to play a media file containing a specially crafted "Location" HTTP header, an attacker could cause MPlayer to crash or potentially execute code of the attacker's choice with privileges of the victim.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|MPLAYERHQ||Affected||-||09 Apr 2004|
CVSS Metrics (Learn More)
This vulnerability was reported by blexim.
This document was written by Damon Morda.
- CVE IDs: Unknown
- Date Public: 31 Mar 2004
- Date First Published: 09 Apr 2004
- Date Last Updated: 09 Apr 2004
- Severity Metric: 1.35
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.