Ylzs

**Name of the Vulnerable Software and Affected Versions** mplayer versions SVN-r38374-13.0.1 mencoder versions SVN-r38374-13.0.1 **Description** The issue is related to a Buffer Overflow via the `mov build index()` function of `libmpdemux/demux mov.c`. This is a general information about the problem, and no specific details about the number of affected devices or real-world incidents are provided. **Recommendations** For mplayer version SVN-r38374-13.0.1, consider disabling the `mov build index()` function as a temporary workaround until a patch is available. For mencoder version SVN-r38374-13.0.1, consider disabling the `mov build index()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mplayer versions SVN-r38374-13.0.1 mencoder versions SVN-r38374-13.0.1 **Description** The issue is related to a Buffer Overflow vulnerability via the `play()` function of libaf/af.c:639. **Recommendations** For mplayer version SVN-r38374-13.0.1, consider disabling the `play()` function as a temporary workaround until a patch is available. For mencoder version SVN-r38374-13.0.1, restrict the use of the `play()` function in libaf/af.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mplayer versions SVN-r38374-13.0.1 mencoder versions SVN-r38374-13.0.1 **Description** The issue is related to a Buffer Overflow via the `read avi header()` function of `libmpdemux/aviheader.c`. This can potentially allow an attacker to cause a denial of service. **Recommendations** For mplayer version SVN-r38374-13.0.1, consider disabling the `read avi header()` function until a patch is available. For mencoder version SVN-r38374-13.0.1, consider disabling the `read avi header()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MPlayer versions SVN-r38374-13.0.1 **Description** The issue is related to memory corruption via the function `free mp image()` of `libmpcodecs/mp image.c` and also involves the `mov build index()` function, which is associated with a buffer overflow. This can potentially allow an attacker to cause a denial of service. **Recommendations** For version SVN-r38374-13.0.1, consider disabling the `free mp image()` function as a temporary workaround until a patch is available. Restrict access to the `mov build index()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.