CVE-2012-3377

Published: 12 July 2012

Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

Priority

Status

Package	Release	Status
vlc Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Ignored (end of life)
	precise	Released (2.0.3-0ubuntu0.12.04.1)
	quantal	Not vulnerable (2.0.2-1)
	raring	Not vulnerable (2.0.2-1)
	saucy	Not vulnerable (2.0.2-1)
	upstream	Released (2.0.2-1)

References

http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
http://securitytracker.com/id/1027224
https://www.cve.org/CVERecord?id=CVE-2012-3377
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680665
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1025713

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›