Debian Security Advisory

DSA-3342-1 vlc -- security update

Date Reported:
20 Aug 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-5949.
More information:

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.

For the stable distribution (jessie), this problem has been fixed in version 2.2.0~rc2-2+deb8u1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your vlc packages.