Out-of-Bounds The advisory has been revoked - it doesn't affect any version of package vlc  (opens in a new tab)


Threat Intelligence

EPSS
2.58% (91st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU1404-VLC-649235
  • published23 Jul 2018
  • disclosed23 Jul 2018

Introduced: 23 Jul 2018

CVE-2018-1999011  (opens in a new tab)
CWE-119  (opens in a new tab)

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:14.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream vlc package and not the vlc package as distributed by Ubuntu.

FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be exploitable via specially crafted ASF file that has to be provided as input to FFmpeg. This vulnerability appears to have been fixed in 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 and later.