Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-5108 — Improper Restriction of Operations within the Bounds of a Memory Buffer in VLC Media Player

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

20.8%

top 4.38%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Videolan VLC Media Player Debian Linux

Timeline

PublishedJun 8

Latest updateMay 17

Description

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianvideolan/vlc_media_player< 2.2.3-2+3

▶NVDvideolan/vlc_media_player2.2.3

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-w8h4-xfpc-5gq9: Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm↗2022-05-17

▶

OSV

CVE-2016-5108: Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm↗2016-06-08

▶

CVEList

CVE-2016-5108: Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm↗2016-06-08

▶

💥Exploits & PoCs

Exploit-DB

VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow↗2016-05-27

▶

📋Vendor Advisories

Debian

CVE-2016-5108: vlc - Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in Vid...↗2016

▶