Debian Security Advisory

DLA-457-1 mplayer -- LTS security update

Date Reported:
04 May 2016
Affected Packages:
mplayer
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-4352.
More information:

Mplayer is crashing when playing a fuzzed gif file. The gif demuxes assumes in many places that width*height is <= INT_MAX; this might not be true. Fixed by validating the picture size.

For Debian 6 Squeeze, these issues have been fixed in mplayer version 2:1.0~rc4.dfsg1+svn34540-1+deb7u2