CVE-2016-4352 — Integer Overflow or Wraparound in Mplayer

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 57.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mplayer Debian Mplayer Libavformat Project Libavformat

Timeline

PublishedFeb 3

Latest updateMay 17

Description

Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/mplayer< mplayer 2:1.3.0-2 (bookworm)

▶Debianmplayer/mplayer< 2:1.3.0-2+3

▶NVDlibavformat_project/libavformat57.34.103

🔴Vulnerability Details

GHSA

GHSA-px8p-3wpv-m92r: Integer overflow in the demuxer function in libmpdemux/demux_gif↗2022-05-17

▶

OSV

CVE-2016-4352: Integer overflow in the demuxer function in libmpdemux/demux_gif↗2017-02-03

▶

📋Vendor Advisories

Debian

CVE-2016-4352: mplayer - Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer al...↗2016

▶