-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : mplayer2 Version : 2.0-554-gf63dbad-1+deb7u1 CVE ID : CVE-2016-4352
Mplayer2 is crashing when playing a fuzzed gif file. The gif demuxes assumes in many places that width*height is <= INT_MAX; this might not be true. Fixed by validating the picture size. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJXK1J0XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHzisP/39GX1bhdDp4B+YKTd5ntcbr Rku1wMK7ZQN0twb4qezLY5/yYMTzZfwdB0yVzlKu6YDDiVcHs/hsMQg6mNMCwdCT 5ovh/qYxXSNGGeL6WInlcek38/rT9E1L+VlP2OG7FtM8Y/Oy0fr7YHxbM7AtFDKd 2JgatXRukgzNvehAs/rXLhhe8W7hng2Poh4HqLlMlkYEO8Y32pvOnHFJAOv4Vreq ScYLC4SSurnIeXphS4YYnwgCUOk5z9aWcdgS8wCsYXNaskIC379Q+7qZVyeW4GS+ p58wCcQ0AcZ4fRN9yIN7mzkAo2FOVj5Hl3g2v/R0evycj1EPfkZ60vn3m5n7wKpb Xv7ezEWQjwz8PSxISL4W7p8m2qVtRz+R3IudXZlkHwWp6P3lMoPTgUekK/S5Sakm aJPklKdwi7P3qr9DrsC5hrDFR/qDuqhsR7nnboz9kjxvRmoQsGQyjJiVo/+h/ane tYkCtjHRfRVCJvyboRkb8ugSmW7j0BA4RoFzpMjiWiFH+mzATBPhIrSgZrmwEZeS dpsQtHhBGquohhRlj1+yP6KlQDhFipc3eQeBNodoHqfZoBZYOq7JBH1ftlPVKJFk mBNnSWWAxnpKSg4woFw8VjYb1hoQ0af5CdZQtW/BpznC5Q3/WZ2zk4OVnxnkXaZu o4CFIujotLtVgycQbPO7 =ngXt -----END PGP SIGNATURE-----