vlc: crash and potential code execution when processing QuickTime IMA files (CVE-2016-5108)
Buffer overflow in the DecodeAdpcmImaQT function in
modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows
remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted QuickTime IMA file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5108
http://www.openwall.com/lists/oss-security/2016/05/27/3
https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
(from redmine: issue id 5714, created on 2016-06-13, closed on 2016-06-24)
- Relations:
- child #5715 (closed)
- child #5716 (closed)
- child #5717 (closed)
- child #5718 (closed)