From ${URL} :

A crash caused by an integer overflow parsing a gif was found in the last revision of mplayer. It seems to affect older versions too. It was recently fixed (r37857). Technical details and a reproducer are available here: https://trac.mplayerhq.hu/ticket/2295

I verified that this issue affects mencoder, so you should check if you are using it for conversion of gif files. This crash was found by QuickFuzz.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
PR: https://github.com/gentoo/gentoo/pull/4951
This has been merged long ago in mplayer-1.3.0-r3.ebuild; cc'ing arches
An automated check of this bug failed - repoman reported dependency errors:

> dependency.bad media-video/mplayer/mplayer-1.3.0-r3.ebuild: DEPEND: arm(default/linux/arm/13.0) ['media-sound/toolame']
> dependency.bad media-video/mplayer/mplayer-1.3.0-r3.ebuild: RDEPEND: arm(default/linux/arm/13.0) ['media-sound/toolame']
Stable on amd64
x86 stable
ia64 stable
ppc/ppc64 stable
hppa stable
arm stable
Stable on alpha.
Downgraded to B3. No PoC for ACE/RCE. @maintainers, please clean the vulnerable versions. GLSA Vote: No
Please clean.
tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2bdc8cad948e968bc80411e5db3baab5b70c86d4