VDB
GCVE-110-MAGEIA-2015-95
GCVE-110-MAGEIA-2015-95
Advisory Published
Updated vlc packages (2.1.6) are an upgrade with some fixes. Some of the
problems fixed upstream were already fixed by a previous Mageia update
to VLC (see the link to MGASA-2015-0053).
VLC versions before 2.1.5 contain a vulnerability in the transcode module
that may allow a corrupted stream to overflow buffers on the heap. With a
non-malicious input, this could lead to heap corruption and a crash.
However, under the right circumstances, a malicious attacker could
potentially use this vulnerability to hijack program execution, and on
some platforms, execute arbitrary code (CVE-2014-6440)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | ldetect-lst | 0 (affected), 0.1.346-1.mga5 (unaffected) | — |
| Mageia | vlc | 0 (affected), 2.1.6-1.0.mga4 (unaffected), 2.1.6-1.0.mga4.tainted (unaffected), 0 (affected), 0 (affected), 2.1.6-1.0.mga4.tainted (unaffected), 2.1.6-1.0.mga4 (unaffected), 0 (affected) | — |
| Mageia | fglrx | 0 (affected), 15.200.1046-1.1.mga5.nonfree (unaffected) | — |
| Mageia | kmod-fglrx | 0 (affected), 15.200.1046-1.1.mga5.nonfree (unaffected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.