Vulnerability Name: | CVE-2016-5108 (CCN-113552) | ||||||||||||||||||||||||||||||||||||
Assigned: | 2016-05-27 | ||||||||||||||||||||||||||||||||||||
Published: | 2016-05-27 | ||||||||||||||||||||||||||||||||||||
Updated: | 2017-07-01 | ||||||||||||||||||||||||||||||||||||
Summary: | Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file. | ||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2016-5108 Source: SUSE Type: UNKNOWN openSUSE-SU-2016:1651 Source: CCN Type: oss-sec Mailing List, Fri, 27 May 2016 13:19:03 -0400 (EDT) Re: CVE request: VLC - crash and potential code execution when processing QuickTime IMA files Source: DEBIAN Type: UNKNOWN DSA-3598 Source: BID Type: UNKNOWN 90924 Source: CCN Type: BID-90924 VLC Media Player CVE-2016-5108 Arbitrary Code Execution Vulnerability Source: SECTRACK Type: UNKNOWN 1036009 Source: CCN Type: VideoLAN Web site VLC Media Player Source: CONFIRM Type: Vendor Advisory http://www.videolan.org/security/sa1601.html Source: XF Type: UNKNOWN vlc-cve20165108-code-exec(113552) Source: GENTOO Type: UNKNOWN GLSA-201701-39 Source: CCN Type: WhiteSource Vulnerability Database CVE-2016-5108 | ||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
BACK |