Debian Security Advisory

DLA-458-1 mplayer2 -- LTS security update

Date Reported:
05 May 2016
Affected Packages:
mplayer2
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2016-4352.
More information:

Mplayer2 is crashing when playing a fuzzed gif file. The gif demuxes assumes in many places that width*height is <= INT_MAX; this might not be true. Fixed by validating the picture size.

For Debian 6 Squeeze, these issues have been fixed in mplayer2 version 2.0-554-gf63dbad-1+deb7u1