CVE-2016-5108

Published: 08/06/2016 Updated: 01/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player prior to 2.2.4 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

Vulnerable Product

debian debian linux 8.0

videolan vlc media player

Vendor Advisories

Debian Bug report logs - #825728 vlc: CVE-2016-5108 Package: src:vlc; Maintainer for src:vlc is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 29 May 2016 10:06:01 UTC Severity: important Tags: patch, security, upstream Found in ve ...

Exploits

In modules/codec/adpcm.c, VLC can be made to perform an out-of-bounds write with user-controlled input. The function DecodeAdpcmImaQT at adpcm.c:595 allocates a buffer which is filled with bytes from the input stream. However, it does not check that the number of channels in the input stream is less than or equal to the size of the buffer, resulti ...