The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Vlc_media_player | Videolan | * | 2.1.2 (including) |
| Vlc_media_player | Videolan | 1.0.0 (including) | 1.0.0 (including) |
| Vlc_media_player | Videolan | 1.0.1 (including) | 1.0.1 (including) |
| Vlc_media_player | Videolan | 1.0.2 (including) | 1.0.2 (including) |
| Vlc_media_player | Videolan | 1.0.3 (including) | 1.0.3 (including) |
| Vlc_media_player | Videolan | 1.0.4 (including) | 1.0.4 (including) |
| Vlc_media_player | Videolan | 1.0.5 (including) | 1.0.5 (including) |
| Vlc_media_player | Videolan | 1.0.6 (including) | 1.0.6 (including) |
| Vlc_media_player | Videolan | 1.1.0 (including) | 1.1.0 (including) |
| Vlc_media_player | Videolan | 1.1.1 (including) | 1.1.1 (including) |
| Vlc_media_player | Videolan | 1.1.2 (including) | 1.1.2 (including) |
| Vlc_media_player | Videolan | 1.1.3 (including) | 1.1.3 (including) |
| Vlc_media_player | Videolan | 1.1.4 (including) | 1.1.4 (including) |
| Vlc_media_player | Videolan | 1.1.4.1 (including) | 1.1.4.1 (including) |
| Vlc_media_player | Videolan | 1.1.5 (including) | 1.1.5 (including) |
| Vlc_media_player | Videolan | 1.1.6 (including) | 1.1.6 (including) |
| Vlc_media_player | Videolan | 1.1.6.1 (including) | 1.1.6.1 (including) |
| Vlc_media_player | Videolan | 1.1.7 (including) | 1.1.7 (including) |
| Vlc_media_player | Videolan | 1.1.8 (including) | 1.1.8 (including) |
| Vlc_media_player | Videolan | 1.1.9 (including) | 1.1.9 (including) |
| Vlc_media_player | Videolan | 1.1.10 (including) | 1.1.10 (including) |
| Vlc_media_player | Videolan | 1.1.10.1 (including) | 1.1.10.1 (including) |
| Vlc_media_player | Videolan | 1.1.11 (including) | 1.1.11 (including) |
| Vlc_media_player | Videolan | 1.1.12 (including) | 1.1.12 (including) |
| Vlc_media_player | Videolan | 1.1.13 (including) | 1.1.13 (including) |
| Vlc_media_player | Videolan | 2.0.0 (including) | 2.0.0 (including) |
| Vlc_media_player | Videolan | 2.0.1 (including) | 2.0.1 (including) |
| Vlc_media_player | Videolan | 2.0.2 (including) | 2.0.2 (including) |
| Vlc_media_player | Videolan | 2.0.3 (including) | 2.0.3 (including) |
| Vlc_media_player | Videolan | 2.0.4 (including) | 2.0.4 (including) |
| Vlc_media_player | Videolan | 2.0.5 (including) | 2.0.5 (including) |
| Vlc_media_player | Videolan | 2.0.6 (including) | 2.0.6 (including) |
| Vlc_media_player | Videolan | 2.0.7 (including) | 2.0.7 (including) |
| Vlc_media_player | Videolan | 2.0.8 (including) | 2.0.8 (including) |
| Vlc_media_player | Videolan | 2.0.9 (including) | 2.0.9 (including) |
| Vlc_media_player | Videolan | 2.1.0 (including) | 2.1.0 (including) |
| Vlc_media_player | Videolan | 2.1.1 (including) | 2.1.1 (including) |
| Vlc | Ubuntu | devel | * |
| Vlc | Ubuntu | esm-apps/xenial | * |
| Vlc | Ubuntu | lucid | * |
| Vlc | Ubuntu | precise | * |
| Vlc | Ubuntu | quantal | * |
| Vlc | Ubuntu | saucy | * |
| Vlc | Ubuntu | trusty | * |
| Vlc | Ubuntu | trusty/esm | * |
| Vlc | Ubuntu | upstream | * |
| Vlc | Ubuntu | utopic | * |
| Vlc | Ubuntu | vivid | * |
| Vlc | Ubuntu | wily | * |
| Vlc | Ubuntu | xenial | * |
| Vlc | Ubuntu | yakkety | * |
| Vlc | Ubuntu | zesty | * |
References
- http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404
- http://www.elsherei.com/?p=269
- https://security.gentoo.org/glsa/201603-08
- https://trac.videolan.org/vlc/ticket/10482
- http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=98787d0843612271e99d62bee0dfd8197f0cf404
- http://www.elsherei.com/?p=269
- https://security.gentoo.org/glsa/201603-08
- https://trac.videolan.org/vlc/ticket/10482