-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2728-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 03, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : vlc Version : 3.0.11-0+deb9u2 CVE IDs : CVE-2021-25801 CVE-2021-25802 CVE-2021-25803 CVE-2021-25804 It was discovered that there were a number of issues in VideoLAN (aka 'vlc', a popular video and multimedia player: - - CVE-2021-25801: A buffer overflow vulnerability in the __Parse_indx component allowed attackers to cause an out-of-bounds read via a crafted .avi file. - - CVE-2021-25802: A buffer overflow vulnerability in the AVI_ExtractSubtitle component could have allowed attackers to cause an out-of-bounds read via a crafted .avi file. - - CVE-2021-25803: A buffer overflow vulnerability in the vlc_input_attachment_New component allowed attackers to cause an out-of-bounds read via a specially-crafted .avi file. - - CVE-2021-25804: A NULL-pointer dereference in "Open" in avi.c can result in a denial of service (DoS) vulnerability. For Debian 9 "Stretch", these problems have been fixed in version 3.0.11-0+deb9u2. We recommend that you upgrade your vlc packages. For the detailed security status of vlc, please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmEJQ8QACgkQHpU+J9Qx Hlh43Q/+I1O/j1aj/JRS80XNb2z7DrNuB1Ggay1PHLYgXGjSvNrokcvOF0j0fFHU YE9y6P/7/360f6gR/Y/DaVT+pjUfunAtxg6ojIRgHc8II2WHMlFR/xuQGNPH0wEU j5nUXNvJvty/7lD/gVNzEeFpjj6pNATsUQlO5QzUjwn2FDeHQGU5DMHVM3uGTTw2 WYM9zP/QbaPs3jL+TMN/rAvhlLd7COSHozcM9ooP60RhrM+NQMZZ52Xju4zEvurr akF0vmSl2y5SI9HXV3CVxcJnh5RpPG1CMAjmqZCWgrhTOlpT80m4dwn/+U282820 xqVcF/f8lsRjlv/Ri/UEU9C53ox3swpcNQQHF+PtVBIVfC25eABIcFERjdwsogL8 ON5rE8xj3JM2wcV5bY+CH9B0qsBGIVncY5BeOhrOWOKuxLgkjbygJlAma8D4SMRf xkDb814w9X2Lxlf65tp11zJVbZxgDhjZVGkXbZjx75ZqCdtAySrEqRQrITQusabG Sa5G1e23j/kfEWomBSG8vBgtW79hQXrPzS4z3/8+2qFreYZlG9yA/DtGzM9Tj4TW i0LMjODzO/eleGvLvs7nJtirIaDvgKzo6IlqnPd21SC3ocRRTTJMCB9qoGUAnZ3T NaGE9P7H2WFmLxgi8AQ400pMyACI8GNB+GU9NyUrhsaHd8pvGc0= =hdF4 -----END PGP SIGNATURE-----
