[v3.0] vlc: suffers from an arbitrary pointer dereference (CVE-2015-5949)
The vulnerability affects the 3GP file format parser, insufficient
restrictions on a writable buffer can be exploited to execute arbitrary
code
via the heap memory. A specific 3GP file can be crafted to trigger the
vulnerability.
Affected version:
VLC <= 2.2.1
Fixed version:
VLC, N/A (see References for patch committed to 2.2.2 branch)
Reference:
(from redmine: issue id 4650, created on 2015-09-21, closed on 2017-01-13)
- Relations:
- copied_to #4649 (closed)
- copied_to #4651 (closed)
- parent #4562 (closed)