-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : mplayer Version : 2:1.0~rc4.dfsg1+svn34540-1+deb7u2 CVE ID : CVE-2016-4352
Mplayer is crashing when playing a fuzzed gif file. The gif demuxes assumes in many places that width*height is <= INT_MAX; this might not be true. Fixed by validating the picture size. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJXKmDhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHKJUQAKqa0Gsb2K1zRZs2gfuxrGr7 ioIpppE2tSpdv81FZpW79CGSJL2Id4/jdYIUXgVep+RdUehznQuevsalkGXP4RNx C6yyB70rQ83pNO9kQ81F9muzFjns2zrVPA72oov+bXqBQlmlhMXH8R91Vc8brB/2 UAyMP7PQ9piaT/8VZfcXNnWE1EWvsa13uf7lB24XWVV88wyOKy2Sw469uAC0JEqF IuE8TvmPjK1RwBCaGHJO4UrNO3owJUm91XiG8SXl3K/ik+5lJEE3bPBBkxygikpA DmMpDXmB1g7iMlSf9hpS5gdpiNWeHD+5ZBz6H04VpL3g7GrqykzJf3sbiNT6ssjQ vSLLGSCAn6jSZ3tuIrSOXjdIFnPf7e/vX1aZ3WjQ6i8JK7ca4TFaRRBiS5spflFo hBAeOuzXgESlrP2GultUrOFcdmvwrnrkDVPpTFez8tMP9RUi2GelqL0itAyQhWcO f4nNBACc1lNHhxjSEi2Icy2Weu6IEZy4o07VquwfLU8iYf5/RqH8UoE2AqEyvkrF QCiErzFdFpbPgloIevAFKEPh/oI2TSB+DBb9XpZ0NNhwvZVOpDM1JsDqEJjYrvt2 KeGRZtVur/rN5nuPVyP6+YyhsN6FdlzFjre5+cLsmSwuLVMCVPrYEQhaU8OzmZ1S sveSSWJidJJBKROTUcns =zsUn -----END PGP SIGNATURE-----