PT-2006-2510 · Mplayer · Mplayer

Thierry Carrez · Published 2006-03-30 · Updated 2018-10-18 · CVE-2006-1502

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: MPlayer version 1.0pre7try2
Description: The issue concerns multiple integer overflows that can be triggered by remote attackers, leading to a denial of service and potentially heap-based buffer overflows. This can occur through two main vectors: (1) a specially crafted ASF file that, when handled by the asfheader.c component, causes the asf descrambling function to receive a negative integer after a char to int conversion, or (2) an AVI file with specifically crafted values for wLongsPerEntry or nEntriesInUse in the indx chunk, handled in aviheader.c.
Recommendations: For MPlayer version 1.0pre7try2, consider updating to a newer version that addresses these integer overflows, as using outdated versions may expose users to denial of service and buffer overflow risks. As a temporary workaround, consider restricting the handling of ASF and AVI files until a patch is available.
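The size check that vector (2) calls for, as an added example (not MPlayer's code and not the project's fix): it shows how a 32-bit product of wLongsPerEntry and nEntriesInUse wraps, and a checked form that rejects an indx chunk whose header claims more entry data than the chunk holds. The function names, the 24-byte header length and the field offsets (taken from the OpenDML AVI index layout) are assumptions, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed indx fields ahead of the entry array (OpenDML layout, an assumption here). */
#define INDX_HEADER_LEN 24u

static uint32_t rd_le(const uint8_t *p, int n) /* little-endian read of n bytes */
{
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* A 32-bit size computation: the product silently wraps modulo 2^32. */
uint32_t indx_table_bytes_wrapping(uint16_t wLongsPerEntry, uint32_t nEntriesInUse)
{
    return (uint32_t)wLongsPerEntry * 4u * nEntriesInUse;
}

/* Checked form: entry-table size in bytes, or -1 to reject the chunk. */
int64_t indx_table_bytes_checked(uint16_t wLongsPerEntry, uint32_t nEntriesInUse, size_t body_len)
{
    if (body_len < INDX_HEADER_LEN || wLongsPerEntry == 0)
        return -1;
    /* At most 65535 * 4 * (2^32 - 1) < 2^50, so the 64-bit product cannot wrap. */
    uint64_t need = (uint64_t)wLongsPerEntry * 4u * nEntriesInUse;
    if (need > body_len - INDX_HEADER_LEN)
        return -1; /* header claims more entry data than the chunk carries */
    return (int64_t)need;
}

/* Read both size fields from a chunk body (the bytes after 'indx' and the chunk size). */
int64_t indx_validate(const uint8_t *body, size_t body_len)
{
    if (body == NULL || body_len < INDX_HEADER_LEN)
        return -1;
    return indx_table_bytes_checked((uint16_t)rd_le(body, 2), rd_le(body + 4, 4), body_len);
}

/* Constructed sample: wLongsPerEntry = 4, nEntriesInUse = 0x10000001, no entry data. */
const uint8_t indx_sample_bad[INDX_HEADER_LEN] = { 0x04, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x10 };

int main(void)
{
    printf("32-bit product: %u bytes\n", (unsigned)indx_table_bytes_wrapping(4, 0x10000001u));
    printf("checked result: %lld\n", (long long)indx_validate(indx_sample_bad, sizeof indx_sample_bad));
    return 0;
}
```

A buffer sized from the wrapped product would be far smaller than the entry count a later read loop trusts, which is why the bound is taken against the chunk length before any allocation.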

Related Identifiers: CVE-2006-1502
Affected Products: Mplayer