GLSA-201701-39 : VLC: Buffer overflow
High Nessus Plugin ID 96543
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201701-39 (VLC: Buffer overflow).
A buffer overflow was discovered in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in the VideoLAN VLC media player.
Remote attackers, by enticing a user to execute a specially crafted QuickTime IMA file, could cause a Denial of Service condition or possibly execute arbitrary code.
There is no known workaround at this time.
Solution
All VLC users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/vlc-2.2.4'