CVE-2010-2062
mplayer - arbitrary code execution
EPSS 3.0%
Description
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
How to fix CVE-2010-2062
To remediate CVE-2010-2062, upgrade the affected package to one of the fixed versions listed below.
- Debian/mplayer—upgrade to 2:1.0~rc3+svn20100502-3 or later
- Debian/mplayer—upgrade to 1.0~rc2-17+lenny3.2 or later
- —upgrade to 1.0.1-1 or later
- —upgrade to 0.8.6.h-4+lenny2.3 or later
Is CVE-2010-2062 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 2:1.0~rc3+svn20100502-3
- from 0, < 1.0~rc2-17+lenny3.2
- from 0, < 1.0.1-1
- from 0, < 0.8.6.h-4+lenny2.3