FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- arbitrary pointer dereference vulnerability

Affected packages
vlc < 2.2.1_5,4


VuXML ID a0a4e24c-4760-11e5-9391-3c970e169bc2
Discovery 2015-08-20
Entry 2015-08-20

oCERT reports:

The stable VLC version suffers from an arbitrary pointer dereference vulnerability.

The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to trigger the vulnerability.

Credit: vulnerability reported by Loren Maggiore of Trail of Bits.


CVE Name CVE-2015-5949