Security Information / 2015 / Security Information -- DSA-3342-1 vlc

Debian Security Advisory

DSA-3342-1 vlc -- security update

Date Reported:

20 Aug 2015

Affected Packages:

vlc

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-5949.

More information:

Loren Maggiore of Trail of Bits discovered that the 3GP parser of VLC, a multimedia player and streamer, could dereference an arbitrary pointer due to insufficient restrictions on a writable buffer. This could allow remote attackers to execute arbitrary code via crafted 3GP files.

For the stable distribution (jessie), this problem has been fixed in version 2.2.0~rc2-2+deb8u1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your vlc packages.