Debian Security Advisory
DLA-458-1 mplayer2 -- LTS security update
- Date Reported:
- 05 May 2016
- Affected Packages:
- mplayer2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-4352.
- More information:
-
Mplayer2 is crashing when playing a fuzzed gif file. The gif demuxes assumes in many places that width*height is <= INT_MAX; this might not be true. Fixed by validating the picture size.
For Debian 7
Wheezy
, these issues have been fixed in mplayer2 version 2.0-554-gf63dbad-1+deb7u1