MPlayer SAMI Subtitle File Overflow

Added: 09/07/2011
BID: 49149
OSVDB: 74604

Background

MPlayer is an open source media player with support for many operating systems.

Problem

MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange (SAMI) caption files. If a video references a malformed SAMI file, it may trigger a stack overflow.

Resolution

While no official updated binary release has been made, the issue has been corrected in the SVN sourcecode repository as of r33471. Please rebuild MPlayer from source using r33471 or later.

References

http://mplayerhq.hu/pipermail/mplayer-cvslog/2011-May/042075.html
http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf

Limitations

This exploit has been tested against MPlayer Project SMPlayer 0.6.9 on Windows XP SP3 English (DEP OptIn) with KB959426.

Platforms

Windows

Back to exploit index