[SCM] mplayer/master: Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer overflow parsing gif files. (Closes: #823723)
mati75-guest at users.alioth.debian.org
mati75-guest at users.alioth.debian.org
Sun May 8 18:35:08 UTC 2016
The following commit has been merged in the master branch:
commit 0e4955c6fb56ea86fd6fa26b20923fcdcf61a8ee
Author: Mateusz Łukasik <mati75 at linuxmint.pl>
Date: Sun May 8 20:35:26 2016 +0200
Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer overflow parsing gif files. (Closes: #823723)
diff --git a/debian/changelog b/debian/changelog
index 278dc58..f4252dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ mplayer (2:1.3.0-2) UNRELEASED; urgency=medium
* debian/control:
- Add transitional package mplayer2 for upgrades from jessie Jessie.
(Closes: #823589)
+ * debian/patches:
+ - Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer
+ overflow parsing gif files. (Closes: #823723)
-- Mateusz Łukasik <mati75 at linuxmint.pl> Sun, 08 May 2016 20:19:11 +0200
diff --git a/debian/patches/CVE-2016-4352.patch b/debian/patches/CVE-2016-4352.patch
new file mode 100644
index 0000000..cfcee47
--- /dev/null
+++ b/debian/patches/CVE-2016-4352.patch
@@ -0,0 +1,26 @@
+Description: Validate image size in demux_gif
+
+Fixes crash with -vo null and overflow.gif
+Reported by Gustavo Grieco
+Debian-Bug: https://bugs.debian.org/823723
+
+--- a/libmpdemux/demux_gif.c
++++ b/libmpdemux/demux_gif.c
+@@ -265,6 +265,17 @@
+ return NULL;
+ }
+
++ // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
++ if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
++ mp_msg(MSGT_DEMUX, MSGL_ERR,
++ "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
++ gif->SHeight);
++ if (DGifCloseFile(gif) == GIF_ERROR)
++ PrintGifError();
++ free(priv);
++ return NULL;
++ }
++
+ // create a new video stream header
+ sh_video = new_sh_video(demuxer, 0);
+
diff --git a/debian/patches/series b/debian/patches/series
index 9fea944..f4f96be 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
#0200_Hurd_PATH_MAX.patch
0201_PATH_MAX_HURD.patch
0003_fix_spelling_error_in_binary.patch
+CVE-2016-4352.patch
--
mplayer packaging
More information about the pkg-multimedia-commits
mailing list