CVE-2012-3377

Publication date 12 July 2012

Last updated 24 July 2024

Ubuntu priority

Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 2.0.3-0ubuntu0.12.04.1
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
http://securitytracker.com/id/1027224
https://www.cve.org/CVERecord?id=CVE-2012-3377