Vulnerability Type: HTTP Parser Vulnerability

Severity:
- High (if playing HTTP stream content)
- Low (if only playing regular files)

Description: A remotely exploitable buffer overflow vulnerability has been discovered in MPlayer. A malicious host can craft a harmful HTTP header ("Location:") to trigger arbitrary code execution in MPlayer during the parsing of this header.

Affected MPlayer Versions:
- MPlayer 0.90pre series
- MPlayer 0.90rc series
- MPlayer 0.90
- MPlayer 0.91
- MPlayer 1.0pre1
- MPlayer 1.0pre2
- MPlayer 1.0pre3

Unaffected MPlayer Versions:
- Versions prior to MPlayer 0.60pre1
- MPlayer 0.92.1
- MPlayer 1.0pre3try2
- MPlayer 0.92 CVS
- MPlayer HEAD CVS

Notification Status: Developers were notified on March 29, 2004 (by "blexim")

Patch Submission: Patch submitted to HEAD CVS on March 30, 2004, at 12:58:43 CEST

Released Fixed Versions:
- MPlayer 0.92.1 (vulnerability-fixed version) released on March 30, 2003, at 16:45:00 CEST
- MPlayer 1.0pre3try2 (vulnerability-fixed version) released on March 30, 2003, at 16:51:00 CEST

Patch Availability: Patches are available for all vulnerable versions.

Recommended Upgrade Path:
- MPlayer 1.0pre3 users should upgrade to the latest CVS
- MPlayer 0.92 (and earlier) users should upgrade to 0.92.1 or the latest CVS

Downloadable Fixed Versions:
- MPlayer 0.92.1 (PGP signed) (MD5 checksum) available for download
- MPlayer 1.0pre3try2 (PGP signed) (MD5 checksum) available for download