Launchpad.net

CVE 2012-3377

Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

Related bugs and status

CVE-2012-3377 (Candidate) is related to these bugs:

Bug #1020403: <vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396

		In	Importance	Status
1020403	<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396	vlc (Ubuntu)	Undecided	Fix Released
1020403	<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396	vlc (Debian)	Unknown	Fix Released
1020403	<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396	Gentoo Linux	Medium	Unknown
1020403	<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396	vlc (Ubuntu Precise)	Undecided	New

Bug #1025713: SRU request for VLC 2.0.2/2.0.3

		In	Importance	Status
1025713	SRU request for VLC 2.0.2/2.0.3	vlc (Ubuntu)	High	Fix Released
1025713	SRU request for VLC 2.0.2/2.0.3	vlc (Ubuntu Precise)	High	Fix Released
1025713	SRU request for VLC 2.0.2/2.0.3	vlc (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-3377

Related bugs and status

Related bugs

References