CVE-2004-1309

Description

Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.

How to fix CVE-2004-1309

To remediate CVE-2004-1309, upgrade the affected package to a fixed version below.

• Debian/mplayer—upgrade to 1.0~pre6a-1 or later

Is CVE-2004-1309 being exploited?

Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.0~pre6a-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-1309