Описание
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was not-affected |
| lucid | not-affected | |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | needed | |
| utopic | not-affected |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN ...
The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an "integer truncation" vulnerability.
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3