Thursday, September 01, 2005

Mplayer 1.0.7try2

Last night, i tried to upgrade my Mplayer to the latest version, 1.0.7try2, because there is a bug that can cause to a heap overflow. Here is the official annoucement from the Mplayer team :

There is a bug which, depending on configuration, can lead to a heap overflow. If and under which circumstances this is exploitable is unclear to us as of now. We are aware that at least one person was able to write a working exploit on his system using an AVI file with uncompressed PCM audio. We have found a file that is supposed to exploit it but could not make it work, still we do not want to put you at risk by waiting longer to publish this.

They have worked a patch on CVS and it can be downloaded. I downloaded the new package from Linuxpackages and it requires a lot of new library, such as divx4linux, libsndfile, libsamplerate, and polyaudio, but i finally managed to install all of them and now it's upgraded to 1.0.7try2.

No comments:

Post a Comment