Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mplayer | Mplayer | * | 1.0_rc2 (including) |
| Mplayer | Mplayer | 0.90 (including) | 0.90 (including) |
| Mplayer | Mplayer | 0.90_pre (including) | 0.90_pre (including) |
| Mplayer | Mplayer | 0.90_rc (including) | 0.90_rc (including) |
| Mplayer | Mplayer | 0.90_rc4 (including) | 0.90_rc4 (including) |
| Mplayer | Mplayer | 0.91 (including) | 0.91 (including) |
| Mplayer | Mplayer | 0.92 (including) | 0.92 (including) |
| Mplayer | Mplayer | 0.92.1 (including) | 0.92.1 (including) |
| Mplayer | Mplayer | 0.92_cvs (including) | 0.92_cvs (including) |
| Mplayer | Mplayer | 1.0_pre1 (including) | 1.0_pre1 (including) |
| Mplayer | Mplayer | 1.0_pre2 (including) | 1.0_pre2 (including) |
| Mplayer | Mplayer | 1.0_pre3 (including) | 1.0_pre3 (including) |
| Mplayer | Mplayer | 1.0_pre3try2 (including) | 1.0_pre3try2 (including) |
| Mplayer | Mplayer | 1.0_pre4 (including) | 1.0_pre4 (including) |
| Mplayer | Mplayer | 1.0_pre5 (including) | 1.0_pre5 (including) |
| Mplayer | Mplayer | 1.0_pre5try1 (including) | 1.0_pre5try1 (including) |
| Mplayer | Mplayer | 1.0_pre5try2 (including) | 1.0_pre5try2 (including) |
| Mplayer | Mplayer | 1.0_pre6 (including) | 1.0_pre6 (including) |
| Mplayer | Mplayer | 1.0_pre7 (including) | 1.0_pre7 (including) |
| Mplayer | Mplayer | 1.0_pre7try2 (including) | 1.0_pre7try2 (including) |
| Mplayer | Mplayer | 1.0_rc1 (including) | 1.0_rc1 (including) |
| Mplayer | Ubuntu | dapper | * |
| Mplayer | Ubuntu | feisty | * |
| Mplayer | Ubuntu | gutsy | * |
| Mplayer | Ubuntu | hardy | * |