oss-sec mailing list archives

CVE request: Mplayer/Mencoder integer overflow parsing gif files

From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Fri, 29 Apr 2016 09:38:28 +0200

Hi,

A crash caused by an integer overflow parsing a gif was found in the last
revision of mplayer. It seems to affect older versions too. It was recently
fixed (r37857). Technical details and a reproducer are available here:

https://trac.mplayerhq.hu/ticket/2295
<https://github.com/stedolan/jq/issues/1136>

I verified that this issue affects mencoder, so you should check if you are
using it for conversion of gif files. This crash was found by QuickFuzz.

Regards,
Gustavo.

Current thread:

CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files cve-assign (Apr 29)