[v3.2] vlc: suffers from an arbitrary pointer dereference (CVE-2015-5949)
The vulnerability affects the 3GP file format parser. Insufficient
restrictions on a writable buffer can be exploited to execute arbitrary
code via the heap memory. A specific 3GP file can be crafted to trigger
the vulnerability.
Affected version:
VLC <= 2.2.1
Fixed version:
VLC, N/A (see References for patch committed to 2.2.2 branch)
Reference:
(from redmine: issue id 4563, created on 2015-08-26, closed on 2018-08-23)
- Relations:
  - copied_to #4649 (closed)
  - parent #4562 (closed)
- Changesets:
  - Revision 662de2eb by Natanael Copa on 2015-09-21T09:40:47Z:
    main/vlc: security fix for CVE-2015-5949
    ref #4562
    fixes #4563