CVE-2011-3625

Published: 11 June 2014

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.

Priority

Medium

Status

Package Release Status
mplayer
Launchpad, Ubuntu, Debian
Upstream
Released (2:1.0~rc4.dfsg1+svn33713-2)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

mplayer2
Launchpad, Ubuntu, Debian
Upstream
Released (2.0-134-g84d8671-9)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.0-134-g84d8671-9)
Patches:
Upstream: http://git.mplayer2.org/mplayer2/commit/?id=27b88a09c5319deb62221b8cd0ecc14cd1136e4a