mplayer -- multiple vulnerabilities

The remote host is missing an update to the system as announced in the referenced advisory.

The following packages are affected: mplayer mplayer-esound mplayer-gtk mplayer-gtk2 mplayer-gtk-esound mplayer-gtk2-esound CVE-2008-0485 Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag. CVE-2008-0486 Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. CVE-2008-0629 Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title. CVE-2008-0630 Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/28779 http://www.vuxml.org/freebsd/de4d4110-ebce-11dc-ae14-0016179b2dd5.html