Описание
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.2.0~rc2-2 |
| esm-apps/xenial | not-affected | 2.2.0~rc2-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was not-affected [2.1.6-0ubuntu14.04.1] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 2.1.6-0ubuntu14.04.1 |
| trusty/esm | released | 2.1.6-0ubuntu14.04.1 |
| upstream | released | 2.1.6,2.2.0 |
| utopic | released | 2.2.0-0ubuntu0.14.10.1 |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in Video ...
The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7.
Уязвимость демультиплексора MP4 программы-медиапроигрывателя VideoLAN VLC, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3