Arch Linux ASA-201606-21 Critical: VLC Code Execution Threat
Jun 25, 2016
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package vlc before version 2.2.4-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201606-21 ========================================= Severity: Critical Date : 2016-06-25 CVE-ID : CVE-2016-5108 Package : vlc Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package vlc before version 2.2.4-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 2.2.4-1. # pacman -Syu "vlc>=2.2.4-1" The problem has been fixed upstream in version 2.2.4. Workaround ========= None. Description ========== A buffer overflow has been found in the DecodeAdpcmImaQT() function of VLC's QuickTime IMA decoder. Impact ===== A remote attacker might be able to cause a denial of service or execute arbitrary code on the affected host via a crafted QuickTime IMA file. References ========= https://www.openwall.com/lists/oss-security/2016/05/27/7 https://access.redhat.com/security/cve/CVE-2016-5108
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!