Candidate: CVE-2010-3907
PublicDate: 2011-01-03 20:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3907
Description:
 Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN
 VLC Media Player before 1.1.6 allow remote attackers to cause a denial of
 service (application crash) or possibly execute arbitrary code via a zero
 i_subpackets value in a Real Media file, leading to a heap-based buffer
 overflow.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/690173
Priority: low
Discovered-by: Dan Rosenberg
Assigned-to:
CVSS: 

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=6568965770f906d34d4aef83237842a5376adb55
upstream_vlc: released (1.1.6)
dapper_vlc: ignored (reached end-of-life)
hardy_vlc: ignored (reached end-of-life)
karmic_vlc: ignored (reached end-of-life)
lucid_vlc: released (1.0.6-1ubuntu1.2)
maverick_vlc: released (1.1.4-1ubuntu1.2)
natty_vlc: not-affected (1.1.6-1ubuntu1)
devel_vlc: not-affected (1.1.6-1ubuntu1)