CVE-2011-3625

Description

Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.

How to fix CVE-2011-3625

To remediate CVE-2011-3625, upgrade the affected package to a fixed version below.

• Debian/mplayer—upgrade to 2:1.0~rc4.dfsg1+svn33713-2 or later

Is CVE-2011-3625 being exploited?

Likely — EPSS is 68.1%, placing CVE-2011-3625 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (1)

• from 0, < 2:1.0~rc4.dfsg1+svn33713-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-3625