The MPlayer package [1] is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux (demux_mov.c) library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.

http://www.securiteam.com/securitynews/5LP0420NFM.html