Candidate: CVE-2016-3941
PublicDate: 2016-04-18 15:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941
Description:
 Buffer overflow in the AStreamPeekStream function in input/stream.c in
 VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a
 denial of service (crash) via a crafted wav file, related to "seek across
 EOF."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/1533633
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_vlc:
 upstream: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=321fa90d585b9ebcb317cf6e575edf2bb952b687
upstream_vlc: needs-triage
precise_vlc: ignored (reached end-of-life)
precise/esm_vlc: DNE (precise was needed)
trusty_vlc: released (2.1.6-0ubuntu14.04.2)
trusty/esm_vlc: DNE (trusty was released [2.1.6-0ubuntu14.04.2])
vivid/stable-phone-overlay_vlc: DNE
vivid/ubuntu-core_vlc: DNE
wily_vlc: not-affected (2.2.1-3)
xenial_vlc: not-affected (2.2.2-5)
yakkety_vlc: not-affected (2.2.2-5build1)
zesty_vlc: not-affected (2.2.2-5build1)
devel_vlc: not-affected (2.2.2-5build1)