CVE-2013-1954

Publication date 10 July 2013

Last updated 24 July 2024

Ubuntu priority

The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player 2.0.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ASF movie that triggers an out-of-bounds read.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Fixed 2.0.8-0ubuntu0.12.10.1
	12.04 LTS precise	Fixed 2.0.8-0ubuntu0.12.04.1
	11.10 oneiric	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
vlc	Upstream: http://git.videolan.org/?p=vlc.git;a=commit;h=b31ce523331aa3a6e620b68cdfe3f161d519631e

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.videolan.org/security/sa1302.html
https://www.cve.org/CVERecord?id=CVE-2013-1954