Candidate: CVE-2016-5108
PublicDate: 2016-06-08 15:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108
Description:
 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c
 in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause
 a denial of service (crash) or possibly execute arbitrary code via a
 crafted QuickTime IMA file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825728
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_vlc:
 upstream: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
upstream_vlc: released (2.2.3-2)
precise_vlc: ignored (reached end-of-life)
precise/esm_vlc: DNE (precise was needs-triage)
trusty_vlc: released (2.1.6-0ubuntu14.04.3)
trusty/esm_vlc: DNE (trusty was released [2.1.6-0ubuntu14.04.3])
vivid/stable-phone-overlay_vlc: DNE
vivid/ubuntu-core_vlc: DNE
wily_vlc: ignored (reached end-of-life)
xenial_vlc: released (2.2.2-5ubuntu0.16.04.3)
yakkety_vlc: ignored (reached end-of-life)
zesty_vlc: not-affected (2.2.4-14ubuntu2.1)
devel_vlc: not-affected