FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mplayer -- potential buffer overrun when processing malicious lzo compressed input

Affected packages
mplayer < 1.1.r20140418_3

Details

VuXML ID 9ab3a22c-feb8-11e3-b938-5404a68ad561
Discovery 2014-06-24
Entry 2014-06-28

Michael Niedermayer and Luca Barbato report in upstream ffmpeg:

avutil/lzo: Fix integer overflow

References

CVE Name CVE-2014-4610
URL http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996
URL http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee