CVE-2008-3827
mplayer - integer overflows
EPSS 3.6%
Description
Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.
How to fix CVE-2008-3827
To remediate CVE-2008-3827, upgrade the affected package to one of the fixed versions listed below.
- Debian/mplayer—upgrade to 1.0~rc2-18 or later
- Debian/mplayer—upgrade to 1.0~rc1-12etch5 or later
- —upgrade to 1.0~rc2-17+lenny1 or later
Is CVE-2008-3827 being exploited?
Low — EPSS is 3.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.0~rc2-18
- from 0, < 1.0~rc1-12etch5
- from 0, < 1.0~rc2-17+lenny1