CVE-2016-5108 in Ubuntu

CVE-2016-5108

Priority

Medium

Description

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c
in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause
a denial of service (crash) or possibly execute arbitrary code via a
crafted QuickTime IMA file.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825728

Package

Source: vlc (LP Ubuntu Debian)

Upstream:	released (2.2.3-2)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):	released (2.1.6-0ubuntu14.04.3)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.2.2-5ubuntu0.16.04.3)
Ubuntu 17.04 (Zesty Zapus):	not-affected (2.2.4-14ubuntu2.1)
Ubuntu 17.10 (Artful Aardvark):	not-affected

Patches:

Upstream:

https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 20:06:20 UTC (commit 13907)