CVE-2014-1684

Published: 03 March 2014

The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.

Priority

Low

Status

Package Release Status
vlc
Launchpad, Ubuntu, Debian
Upstream
Released (2.1.4-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.1.4-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.1.4-0ubuntu14.04.1])
Patches:
Upstream: http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404