Bugzilla – Bug 866611
VUL-0: CVE-2014-1684: vlc: ASF_ReadObject_file_properties denial of service
Last modified: 2014-03-04 06:09:38 UTC
CVE-2014-1684, via NVD DB
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
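A defensive check for the condition in the CVE description, as an added example that is not VLC's code or the upstream fix: it reads the minimum and maximum data packet size fields of a File Properties Object and rejects zero values before they can reach a division. Field offsets follow the ASF File Properties Object layout; the struct, function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ASF File Properties Object: 104 bytes, fields little-endian, offsets from object start. */
#define FP_OBJECT_SIZE 104u
#define FP_OFF_MIN_PKT  92u   /* Minimum Data Packet Size (32-bit) */
#define FP_OFF_MAX_PKT  96u   /* Maximum Data Packet Size (32-bit) */

struct file_props { uint32_t min_pkt; uint32_t max_pkt; };   /* hypothetical struct */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, -1 if the object is truncated, -2 if the sizes are unusable. */
int parse_file_props(const uint8_t *obj, size_t len, struct file_props *out) {
    if (len < FP_OBJECT_SIZE)
        return -1;
    out->min_pkt = rd_le32(obj + FP_OFF_MIN_PKT);
    out->max_pkt = rd_le32(obj + FP_OFF_MAX_PKT);
    /* Zero sizes are the CVE-2014-1684 input; min > max is an extra sanity check. */
    if (out->min_pkt == 0 || out->max_pkt == 0 || out->min_pkt > out->max_pkt)
        return -2;
    return 0;
}

/* Defense in depth: the division site validates its own divisor as well. */
int packet_count(const struct file_props *fp, uint64_t data_len, uint64_t *count) {
    if (fp->min_pkt == 0)
        return -1;
    *count = data_len / fp->min_pkt;
    return 0;
}

/* Constructed sample: a zeroed 104-byte object with only the two size fields set. */
int check_sample(uint32_t min_pkt, uint32_t max_pkt) {
    uint8_t obj[FP_OBJECT_SIZE] = {0};
    struct file_props fp;
    for (int i = 0; i < 4; i++) {
        obj[FP_OFF_MIN_PKT + i] = (uint8_t)(min_pkt >> (8 * i));
        obj[FP_OFF_MAX_PKT + i] = (uint8_t)(max_pkt >> (8 * i));
    }
    return parse_file_props(obj, sizeof obj, &fp);
}

int main(void) { printf("%d %d\n", check_sample(0, 0), check_sample(3200, 3200)); return 0; }
```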
We already have VLC 2.1.3 in the update channel;
The changelog of this version contains:
- Fix divide by 0 on ASF/WMV parsing
Which is the change described in the git commit referenced in comment #0;
so I'd say we are safe to close that already; agree?
yes, please do
bugbot adjusting priority
Bugs are fixed faster than you can report them;
This specific fix was included in the maintenance update to 2.1.3, which has already been done for 13.1.
13.1 at this moment is the only product shipping vlc.