Debian Security Advisory
DSA-3342-1 vlc -- security update
- Date Reported:
- 20 Aug 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5949.
- More information:
Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.
For the stable distribution (jessie), this problem has been fixed in version 2.2.0~rc2-2+deb8u1.
For the unstable distribution (sid), this problem will be fixed shortly.
We recommend that you upgrade your vlc packages.