[3.4] vlc: crash and potential code execution when processing QuickTime IMA files (CVE-2016-5108)
Buffer overflow in the DecodeAdpcmImaQT function in
modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows
remote attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted QuickTime IMA file.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5108
http://www.openwall.com/lists/oss-security/2016/05/27/3
https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
(from redmine: issue id 5715, created on 2016-06-13, closed on 2016-06-24)
- Relations:
- parent #5714 (closed)
- Changesets:
- Revision 413a9261 on 2016-06-23T14:29:49Z:
main/vlc: security upgrade to 2.2.4 (CVE-2016-5108). Fixes #5715