Your submission was sent successfully! Close

CVE-2016-4352

Published: 3 February 2017

Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.

From the Ubuntu security team

It was discovered that MPlayer incorrectly handled certain gif files. An attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
mplayer
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(2:1.3.0-2)
precise Does not exist
(precise was released [2:1.0~rc4.dfsg1+svn34540-1+deb7u2build0.12.04.1])
trusty Does not exist
(trusty was released [2:1.1+dfsg1-0ubuntu3.1])
upstream
Released (2:1.0~rc4.dfsg1+svn34540-1+deb7u2, 2:1.3.0-2)
wily Does not exist

xenial
Released (2:1.2.1-1ubuntu1.1)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)