PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-4352 Libavformat Project CVE debrief

CVE-2016-4352 is a denial-of-service flaw in GIF demuxing. The supplied description says that large dimensions in a GIF file can trigger an integer overflow in MPlayer's libmpdemux/demux_gif.c and crash the player, while NVD maps the issue to libavformat_project:libavformat and rates the availability impact as High (confidentiality and integrity: None). In practice, anyone shipping affected media-parsing code should treat this as a malformed-image input bug: opening a crafted GIF can terminate the process.

Vendor
Libavformat Project
Product
libavformat (per the NVD CPE; the CVE description itself names MPlayer's demux_gif.c)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-03
Original CVE updated
2026-05-13
Advisory published
2017-02-03
Advisory updated
2026-05-13

Who should care

Teams that ship or operate media players, transcoding tools, desktop apps, or libraries that parse GIF files from untrusted sources. Package maintainers and downstream distributors using affected MPlayer/libavformat code should also care, because the flaw can be triggered during ordinary file handling rather than privileged actions.

Technical summary

The issue is an integer overflow (CWE-190) in GIF demuxing, triggered by large dimension values in the file. Per NVD, the CVSS 3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H: the attack path is a file that a user opens locally (AV:L, UI:R), no privileges are needed, and the impact is limited to availability, i.e. a process crash. As a bug class, a dimension overflow usually means a size computation wraps before it reaches an allocation, so the crash is the visible symptom of an undersized buffer rather than the root cause, and the fix belongs at the size check. The source corpus is slightly inconsistent on component naming: the CVE description points to MPlayer's libmpdemux/demux_gif.c, while the NVD CPE marks libavformat_project:libavformat affected up to version 57.34.103.
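To make the size-check point concrete, here is an added example written for this debrief; it is not code from MPlayer or libavformat. It parses a GIF logical screen descriptor and image descriptor, then shows the unchecked 32-bit frame-size computation beside a hardened one. The constructed header bytes, the 4-bytes-per-pixel assumption, the 256 MiB per-frame cap and every function name are illustrative choices; the supplied sources do not quote the actual overflowing expression in demux_gif.c.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative GIF dimension handling; not MPlayer or libavformat code. */

#define BYTES_PER_PIXEL 4u                      /* assumption: RGBA output frames   */
#define MAX_FRAME_BYTES (256u * 1024u * 1024u)  /* assumed policy cap for one frame */

struct gif_screen { uint16_t width, height; };
struct gif_image  { uint16_t left, top, width, height; };

/* Constructed sample: "GIF89a" + logical screen descriptor claiming 32768 x 32768
 * (0x8000 little-endian), no global colour table, background 0, aspect 0. */
static const uint8_t CRAFTED_HDR[13] = {
    'G','I','F','8','9','a', 0x00,0x80, 0x00,0x80, 0x00, 0x00, 0x00
};

static uint16_t rd16le(const uint8_t *p) {
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Parse the 6-byte signature and 7-byte logical screen descriptor. 0 on success. */
int gif_parse_screen(const uint8_t *buf, size_t len, struct gif_screen *out) {
    if (len < 13) return -1;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0) return -1;
    out->width  = rd16le(buf + 6);
    out->height = rd16le(buf + 8);
    return 0;
}

/* Parse a 10-byte image descriptor (introducer 0x2C, then left/top/width/height). */
int gif_parse_image(const uint8_t *buf, size_t len, struct gif_image *out) {
    if (len < 10 || buf[0] != 0x2C) return -1;
    out->left   = rd16le(buf + 1);
    out->top    = rd16le(buf + 3);
    out->width  = rd16le(buf + 5);
    out->height = rd16le(buf + 7);
    return 0;
}

/* Vulnerable pattern: frame size computed in 32-bit arithmetic straight from the
 * header. 32768 * 32768 * 4 == 2^32, which wraps to 0: a zero-byte frame buffer
 * would be allocated and the first decoded row written out of bounds. */
uint32_t frame_bytes_unchecked(uint16_t w, uint16_t h) {
    return (uint32_t)w * h * BYTES_PER_PIXEL;
}

/* Hardened pattern: widen before multiplying, reject zero and oversize frames.
 * Returns the byte count, or 0 if the dimensions must be rejected. */
size_t frame_bytes_checked(uint16_t w, uint16_t h) {
    if (w == 0 || h == 0) return 0;
    uint64_t bytes = (uint64_t)w * h * BYTES_PER_PIXEL;   /* at most ~16 GiB, cannot wrap */
    if (bytes > MAX_FRAME_BYTES) return 0;
    return (size_t)bytes;
}

/* A frame's rectangle must lie inside the logical screen; left+width is summed
 * in 32 bits so two 16-bit values cannot wrap. Returns 1 if it fits. */
int gif_image_fits(const struct gif_screen *s, const struct gif_image *im) {
    if (im->width == 0 || im->height == 0) return 0;
    return (uint32_t)im->left + im->width  <= s->width &&
           (uint32_t)im->top  + im->height <= s->height;
}

int main(void) {
    struct gif_screen s;
    if (gif_parse_screen(CRAFTED_HDR, sizeof CRAFTED_HDR, &s) != 0) return 1;
    printf("screen %u x %u\n", s.width, s.height);
    printf("unchecked frame bytes: %u\n", frame_bytes_unchecked(s.width, s.height));
    printf("checked frame bytes:   %zu (0 = rejected)\n", frame_bytes_checked(s.width, s.height));

    /* Constructed image descriptor: 400 x 200 frame at (0,0) on a 320 x 200 screen. */
    const uint8_t img[10] = { 0x2C, 0,0, 0,0, 0x90,0x01, 0xC8,0x00, 0x00 };
    struct gif_screen small = { 320, 200 };
    struct gif_image im;
    if (gif_parse_image(img, sizeof img, &im) != 0) return 1;
    printf("frame fits screen: %d\n", gif_image_fits(&small, &im));
    return 0;
}
```

Build with `cc -std=c11 -Wall gif_dims.c` and run it. Two design points carry over to any demuxer: the multiplication is done in a type wider than the product can reach before anything is allocated, and a policy cap is applied on top, because 65535 x 65535 x 4 does not wrap in 64 bits yet still exhausts memory on a crafted file. Per-frame rectangles are checked against the logical screen so that a frame larger than the canvas is rejected rather than copied past the buffer end.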

Defensive priority

Medium

Recommended defensive actions

  • Update to a vendor-fixed release or downstream package that is known to include the GIF demux overflow fix; NVD marks libavformat versions up to 57.34.103 as affected.
  • Verify whether your products bundle MPlayer or libavformat GIF parsing code and inventory any deployments that open untrusted GIF files.
  • Reduce exposure by limiting automatic parsing of externally supplied media and by isolating media-processing workloads where feasible.
  • Treat malformed image files as untrusted input in testing and regression coverage, including oversized GIF dimensions and boundary cases.
  • Monitor distro or vendor advisories tied to the Openwall oss-security report and MPlayer issue 2295 for fix guidance.

Evidence notes

The debrief is grounded in the supplied NVD record and linked references. The CVE description states that large dimensions in a GIF can cause an integer overflow in MPlayer's libmpdemux/demux_gif.c, and NVD assigns CWE-190. NVD's CVSS vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, and its CPE criteria mark libavformat_project:libavformat versions through 57.34.103 as vulnerable. The corpus also contains an Openwall oss-security post and an MPlayer issue tracker entry, which support the advisory context. The source data is inconsistent on product naming, so that discrepancy is called out rather than resolved beyond the supplied evidence.

Official resources

Publicly disclosed in the supplied sources via an Openwall oss-security post dated 2016-04-29, with the NVD CVE record published on 2017-02-03 and later modified on 2026-05-13.