VLC arbitrary pointer dereference vulnerability (CVE-2015-5949)
Release date:
Updated on:
Affected Systems:
VideoLAN VLC Media Player <= 2.2.1
Description:
CVE (CAN) ID: CVE-2015-5949
VLC Media Player is an open-source multimedia player and streaming media server.
VLC 2.2.1 and earlier versions contain an arbitrary pointer dereference vulnerability in the 3GP file format parser. Insufficient limits on a writable buffer allow attackers to execute arbitrary code via heap memory.
<* Source: Loren Maggiore
Link: http://www.securityfocus.com/archive/1/archive/1/536287/100/0/threaded
*>
Suggestion:
Vendor patch:
VideoLAN
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4415278af1fa4bcb6a705ff27456fd