Candidate: CVE-2012-3377
PublicDate: 2012-07-12 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3377
 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
 http://securitytracker.com/id/1027224
Description:
 Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG
 demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2
 allows remote attackers to cause a denial of service (application crash)
 and possibly execute arbitrary code via a crafted OGG file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680665
 https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
Patches_vlc:
upstream_vlc: released (2.0.2-1)
hardy_vlc: ignored (reached end-of-life)
lucid_vlc: ignored (reached end-of-life)
natty_vlc: ignored (reached end-of-life)
oneiric_vlc: ignored (reached end-of-life)
precise_vlc: released (2.0.3-0ubuntu0.12.04.1)
quantal_vlc: not-affected (2.0.2-1)
raring_vlc: not-affected (2.0.2-1)
saucy_vlc: not-affected (2.0.2-1)
devel_vlc: not-affected (2.0.2-1)