MGASA-2016-0221

Source
https://advisories.mageia.org/MGASA-2016-0221.html
Import Source
https://advisories.mageia.org/MGASA-2016-0221.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2016-0221
Published
2016-06-10T19:06:07Z
Modified
2016-06-10T18:53:21Z
Summary
Updated vlc/mad packages fix security vulnerability
Details

A vulnerability was found in the processing of QuickTime IMA files. VLC does not check that the number of channels in the input stream is less than or equal to the size of the buffer, resulting in an out-of-bounds write with potential for remote code execution via a malicious media file (CVE-2016-5108).

The vlc package has been updated to version 2.2.4, which fixes this issue and other bugs.

Also, the mad package has been patched to fix an out-of-bounds write which could cause VLC or other applications linked to that library to crash on an invalid mp3 file.


Affected packages

Mageia:5 / vlc

Package

Name
vlc
Purl
pkg:rpm/mageia/vlc?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.2.4-1.mga5.tainted

Ecosystem specific

{
    "section": "tainted"
}

Mageia:5 / mad

Package

Name
mad
Purl
pkg:rpm/mageia/mad?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.15.1b-16.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / vlc

Package

Name
vlc
Purl
pkg:rpm/mageia/vlc?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
2.2.4-1.mga5

Ecosystem specific

{
    "section": "core"
}