CVE-2016-3941

Published: 18 April 2016

Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

Priority

Medium

CVSS 3 base score: 5.5

Status

Package: vlc (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2.2.2-5)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [2.1.6-0ubuntu14.04.2])

Patches:
Upstream: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=321fa90d585b9ebcb317cf6e575edf2bb952b687