oss-sec mailing list archives
Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files
From: cve-assign () mitre org
Date: Fri, 29 Apr 2016 11:08:51 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A crash caused by an integer overflow parsing a gif was found in the last revision of mplayer. It seems to affect older versions too. It was recently fixed (r37857). Technical details and a reproducer are available here: https://trac.mplayerhq.hu/ticket/2295 I verified that this issue affects mencoder
Fixed in r37857. The gif demuxes assumes in many places that width*height is <= INT_MAX; this is not true with the sample. Fixed by validating the picture size.
Use CVE-2016-4352. This code was added to libmpdemux/demux_gif.c between r37856 and r37857: // Validate image size, most code in this demuxer assumes w*h <= INT_MAX if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) { mp_msg(MSGT_DEMUX, MSGL_ERR, "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth, gif->SHeight); if (DGifCloseFile(gif) == GIF_ERROR) print_gif_error(NULL); free(priv); return NULL; } - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXI3iYAAoJEHb/MwWLVhi2ndcQAIfNBWzI+O+D90r31xFgzNHh q5AYsp+VN48Z6f8Ctp6AVXWoD+I/KHC1AIBc5Pn9/ahDyQ+cv9ejMdizkohu7TpW q4vfeCsmp94pw2w8tKbT4wgI19mdERvWiFe03SD/1xpxaHc6gIZN4+zwmswyIJVq 9UVl6cEbSD/NGDpudTwqNH2Tc6KPfpUTPDh05nHhdEYkoPepemS0E6dHZl0cnV38 qFAF7EvF4h+1pQSfchVdtf58nPu5g7tuR7eudnqnq9g49PZlIOPBKB/cdra7ZON7 eFvZp+0XZ3QtwvDiQ18uAHnobN2RdnonISfimOsd7zYDyoxtAttfOvBRaVRDtTBr U0hfDRA8g/d5JTmeLMcfm1NWG3+0nF90BVYjY7cziAVBAGoj17fo66mw6nM5Jn2A 1T/9Cc/gqzIvlGlVQk/3KObdK0DbZvGxgFxo8pKTzrRo/thAS6Rp30X672pfGH1W DxWhbkJgnU+PmaW+86zrWsnHGqoX++bduSIxo/Y1jjigwetaTgCRHO6nFI0onWex dP0z76DjZ4jBAs7GzsFkv3ck/ZfaQ6MxjXjcR1yYZFeTp3WlD3VIZVuZwohg78wo IR/5QOoQjwoV5nbgH3l2f0h2pvrCJPvQiwbADzZJpklpg45D2Y8EIMtOQy64hZSz 2kFgy6oWuYKbuQf49Wi4 =oaGW -----END PGP SIGNATURE-----
Current thread:
- CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files cve-assign (Apr 29)