KLA10791Buffer overflow vulnerability in VLC media player
2016-04-18T00:00:00
ID KLA10791 Type kaspersky Reporter Kaspersky Lab Modified 2019-03-07T00:00:00
Description
Detect date:
04/18/2016
Severity:
Warning
Description:
Buffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.
{"id": "KLA10791", "bulletinFamily": "info", "title": "\r KLA10791Buffer overflow vulnerability in VLC media player ", "description": "### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)4.3Warning", "published": "2016-04-18T00:00:00", "modified": "2019-03-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "reporter": "Kaspersky Lab", "references": [], "cvelist": ["CVE-2016-3941"], "type": "kaspersky", "lastseen": "2019-03-21T00:15:28", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2016-3941"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### *CVSS*:\n4.3\n\n### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)", "edition": 6, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "71122f9aa2ac072df1f07b9df724175c35f2008798e05354bf36de965db3afe9", "hashmap": [{"hash": "151bc6567d5236f63794346f9bd2ad88", "key": "description"}, {"hash": "44891723733bba6dfde3c7abcb5fd3ab", "key": "title"}, {"hash": "006c983ef7a1687b967da0e2d8fa6615", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f0fc374e5e2d2f4c44811a329d7f2ce1", "key": "href"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1", "key": "type"}, {"hash": "eaaf44bb3c5c5359f816b0006c15db98", "key": "published"}, {"hash": "c7d33ff7b19a6a933a6f8c682a1e11aa", "key": "reporter"}], "history": [], "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "id": "KLA10791", "lastseen": "2018-03-30T14:11:19", "modified": "2016-05-05T00:00:00", "objectVersion": "1.3", "published": "2016-04-18T00:00:00", "references": [], "reporter": "Kaspersky Lab", "title": "\r KLA10791Buffer overflow vulnerability in VLC media player\t\t\t ", "type": "kaspersky", "viewCount": 0}, "differentElements": ["modified", "title"], "edition": 6, "lastseen": "2018-03-30T14:11:19"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2016-3941"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### *CVSS*:\n4.3\n\n### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player-2/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)", "edition": 4, "enchantments": {"score": {"modified": "2017-12-19T15:10:05", "value": 7.5}}, "hash": "774a7aabd784bbd652317ec25f8b9a31d35f77624d19539b781887e93ba9572d", "hashmap": [{"hash": "073ba26180f0c07706b596887b03bc6b", "key": "title"}, {"hash": "006c983ef7a1687b967da0e2d8fa6615", "key": "cvelist"}, {"hash": "f562855d27b3d4fc449f68356a3fd2f3", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f0fc374e5e2d2f4c44811a329d7f2ce1", "key": "href"}, {"hash": "2d5b44735d470318a5fbc22d7068d5ca", "key": "modified"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1", "key": "type"}, {"hash": "eaaf44bb3c5c5359f816b0006c15db98", "key": "published"}, {"hash": "c7d33ff7b19a6a933a6f8c682a1e11aa", "key": "reporter"}], "history": [], "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "id": "KLA10791", "lastseen": "2017-12-19T15:10:05", "modified": "2016-05-05T00:00:00", "objectVersion": "1.3", "published": "2016-04-18T00:00:00", "references": [], "reporter": "Kaspersky Lab", "title": "\r KLA10791\nBuffer overflow vulnerability in VLC media player\t\t\t ", "type": "kaspersky", "viewCount": 0}, "differentElements": ["title"], "edition": 4, "lastseen": "2017-12-19T15:10:05"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2016-3941"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### *CVSS*:\n4.3\n\n### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)", "edition": 30, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "06e8d2f98b72f8bca783264b07ce1262648d98f1607fb2bb8b87353c3209368b", "hashmap": [{"hash": "151bc6567d5236f63794346f9bd2ad88", "key": "description"}, {"hash": "f5e862bb7e373981ead01ae7779f6925", "key": "title"}, {"hash": "006c983ef7a1687b967da0e2d8fa6615", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f0fc374e5e2d2f4c44811a329d7f2ce1", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1", "key": "type"}, {"hash": "20b353d8ba2a98b2825be3dfb021c6d5", "key": "modified"}, {"hash": "eaaf44bb3c5c5359f816b0006c15db98", "key": "published"}, {"hash": "c7d33ff7b19a6a933a6f8c682a1e11aa", "key": "reporter"}], "history": [], "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "id": "KLA10791", "lastseen": "2019-01-14T08:07:30", "modified": "2019-01-04T00:00:00", "objectVersion": "1.3", "published": "2016-04-18T00:00:00", "references": [], "reporter": "Kaspersky Lab", "title": "\r KLA10791Buffer overflow vulnerability in VLC media player ", "type": "kaspersky", "viewCount": 29}, "differentElements": ["modified"], "edition": 30, "lastseen": "2019-01-14T08:07:30"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2016-3941"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### *CVSS*:\n4.3\n\n### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)", "edition": 32, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}}, "hash": "4bc574d170761ee97b2e209a03d78f75a15a991991bfb887b03ed893d3b6fa73", "hashmap": [{"hash": "151bc6567d5236f63794346f9bd2ad88", "key": "description"}, {"hash": "f5e862bb7e373981ead01ae7779f6925", "key": "title"}, {"hash": "006c983ef7a1687b967da0e2d8fa6615", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f0fc374e5e2d2f4c44811a329d7f2ce1", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1", "key": "type"}, {"hash": "eeaee7654286336903a205fbedf76f75", "key": "modified"}, {"hash": "eaaf44bb3c5c5359f816b0006c15db98", "key": "published"}, {"hash": "c7d33ff7b19a6a933a6f8c682a1e11aa", "key": "reporter"}], "history": [], "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "id": "KLA10791", "lastseen": "2019-02-07T08:14:04", "modified": "2019-02-04T00:00:00", "objectVersion": "1.3", "published": "2016-04-18T00:00:00", "references": [], "reporter": "Kaspersky Lab", "title": "\r KLA10791Buffer overflow vulnerability in VLC media player ", "type": "kaspersky", "viewCount": 29}, "differentElements": ["description"], "edition": 32, "lastseen": "2019-02-07T08:14:04"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2016-3941"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### *Detect date*:\n04/18/2016\n\n### *Severity*:\nWarning\n\n### *Description*:\nBuffer overflow vulnerability was found in VLC media player. By exploiting this vulnerability malicious users can cause a denial of service (crash). This vulnerability can be exploited remotely via a crafted wav file.\n\n### *Affected products*:\nVideoLAN VLC media player versions earlier 2.2.0\n\n### *Solution*:\nUpdate to the latest version \n[Download page with latest version of VLC media player](<http://www.videolan.org/vlc/>)\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[VLC media player](<https://threats.kaspersky.com/en/product/VLC-media-player/>)\n\n### *CVE-IDS*:\n[CVE-2016-3941](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941>)", "edition": 38, "enchantments": {"dependencies": {"modified": "2019-03-11T08:56:43", "references": [{"idList": ["OPENSUSE-SU-2016:1651-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310807929", "OPENVAS:1361412562310807931", "OPENVAS:1361412562310851351"], "type": "openvas"}, {"idList": ["OPENSUSE-2016-755.NASL"], "type": "nessus"}, {"idList": ["CVE-2016-3941"], "type": "cve"}]}, "score": {"value": 4.3, "vector": "NONE"}}, "hash": "a195b9134ea634b0e0d1facdeb13b451a5c59571b956dd819ef9c8867189e6c9", "hashmap": [{"hash": "f5e862bb7e373981ead01ae7779f6925", "key": "title"}, {"hash": "006c983ef7a1687b967da0e2d8fa6615", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f0fc374e5e2d2f4c44811a329d7f2ce1", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f6701fc973e616a7e7b5c8ce890fbd60", "key": "description"}, {"hash": "3873c836ae45fd496c2b40bae50467ed", "key": "cvss"}, {"hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1", "key": "type"}, {"hash": "eaaf44bb3c5c5359f816b0006c15db98", "key": "published"}, {"hash": "239e98079e29ae495f96882251231d51", "key": "modified"}, {"hash": "c7d33ff7b19a6a933a6f8c682a1e11aa", "key": "reporter"}], "history": [], "href": "https://threats.kaspersky.com/en/vulnerability/KLA10791", "id": "KLA10791", "lastseen": "2019-03-11T08:56:43", "modified": "2019-03-07T00:00:00", "objectVersion": "1.3", "published": "2016-04-18T00:00:00", "references": [], "reporter": "Kaspersky Lab", "title": "\r KLA10791Buffer overflow vulnerability in VLC media player ", "type": "kaspersky", "viewCount": 29}, "differentElements": ["description"], "edition": 38, "lastseen": "2019-03-11T08:56:43"}], "edition": 39, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "006c983ef7a1687b967da0e2d8fa6615"}, {"key": "cvss", "hash": "3873c836ae45fd496c2b40bae50467ed"}, {"key": "description", "hash": "40255821205d29cd53f94f07ca2ca827"}, {"key": "href", "hash": "f0fc374e5e2d2f4c44811a329d7f2ce1"}, {"key": "modified", "hash": "239e98079e29ae495f96882251231d51"}, {"key": "published", "hash": "eaaf44bb3c5c5359f816b0006c15db98"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "c7d33ff7b19a6a933a6f8c682a1e11aa"}, {"key": "title", "hash": "f5e862bb7e373981ead01ae7779f6925"}, {"key": "type", "hash": "d85eb9a86b89fb1c1dcf7dbb6a9f02d1"}], "hash": "aa9cc28ffbcc03a05f562e2463687d9eb899cdd1796101ba95558764789a5baa", "viewCount": 29, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-3941"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310807931", "OPENVAS:1361412562310807929", "OPENVAS:1361412562310851351"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:1651-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2016-755.NASL"]}], "modified": "2019-03-21T00:15:28"}, "score": {"value": 5.8, "vector": "NONE", "modified": "2019-03-21T00:15:28"}, "vulnersScore": 5.8}, "objectVersion": "1.3", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:15:36", "bulletinFamily": "NVD", "description": "Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to \"seek across EOF.\"", "modified": "2016-11-30T03:05:00", "id": "CVE-2016-3941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3941", "published": "2016-04-18T15:59:00", "title": "CVE-2016-3941", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-07-17T14:26:08", "bulletinFamily": "scanner", "description": "The host is installed with VLC media player\n and is prone to denial of service vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2016-04-26T00:00:00", "id": "OPENVAS:1361412562310807931", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807931", "title": "VLC Media Player Denial of Service Vulnerability April-16 (Mac OS X)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Denial of Service Vulnerability April-16 (Mac OS X)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807931\");\n script_version(\"2019-07-05T09:29:25+0000\");\n script_cve_id(\"CVE-2016-3941\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:29:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-26 11:38:23 +0530 (Tue, 26 Apr 2016)\");\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_name(\"VLC Media Player Denial of Service Vulnerability April-16 (Mac OS X)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with VLC media player\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the buffer overflow in\n the 'AStreamPeekStream' function in 'input/stream.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (crash) and possibly execute arbitrary\n code via crafted wav file.\");\n\n script_tag(name:\"affected\", value:\"VideoLAN VLC media player before 2.2.0\n on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to VideoLAN VLC media player version\n 2.2.0-1, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1035456\");\n script_xref(name:\"URL\", value:\"https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/CVE-2016-3941\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_vlc_media_player_detect_macosx.nasl\");\n script_mandatory_keys(\"VLC/Media/Player/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!vlcVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:vlcVer, test_version:\"2.2.0\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, fixed_version:\"2.2.0-1\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:26:18", "bulletinFamily": "scanner", "description": "The host is installed with VLC media player\n and is prone to denial of service vulnerability.", "modified": "2019-07-05T00:00:00", "published": "2016-04-26T00:00:00", "id": "OPENVAS:1361412562310807929", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807929", "title": "VLC Media Player Denial of Service Vulnerability April-16 (Windows)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# VLC Media Player Denial of Service Vulnerability April-16 (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:videolan:vlc_media_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807929\");\n script_version(\"2019-07-05T09:29:25+0000\");\n script_cve_id(\"CVE-2016-3941\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-05 09:29:25 +0000 (Fri, 05 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-26 11:09:19 +0530 (Tue, 26 Apr 2016)\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_name(\"VLC Media Player Denial of Service Vulnerability April-16 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with VLC media player\n and is prone to denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to the buffer overflow in\n the 'AStreamPeekStream' function in 'input/stream.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service (crash) and possibly execute arbitrary\n code via crafted wav file.\");\n\n script_tag(name:\"affected\", value:\"VideoLAN VLC media player before 2.2.0\n on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to VideoLAN VLC media player version\n 2.2.0 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1035456\");\n script_xref(name:\"URL\", value:\"https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_vlc_media_player_detect_win.nasl\");\n script_mandatory_keys(\"VLCPlayer/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!vlcVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:vlcVer, test_version:\"2.2.0\"))\n{\n report = report_fixed_ver(installed_version:vlcVer, fixed_version:\"2.2.0\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-06-23T00:00:00", "id": "OPENVAS:1361412562310851351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851351", "title": "SuSE Update for vlc openSUSE-SU-2016:1651-1 (vlc)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1651_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for vlc openSUSE-SU-2016:1651-1 (vlc)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851351\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-23 05:24:29 +0200 (Thu, 23 Jun 2016)\");\n script_cve_id(\"CVE-2016-3941\", \"CVE-2016-5108\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for vlc openSUSE-SU-2016:1651-1 (vlc)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vlc'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for vlc to version 2.1.6 fixes the following issues:\n\n These CVE were fixed:\n\n - CVE-2016-5108: Reject invalid QuickTime IMA files (boo#984382).\n\n - CVE-2016-3941: Heap overflow in processing wav files (boo#973354).\n\n These security issues without were fixed:\n\n - Fix heap overflow in decomp stream filter.\n\n - Fix buffer overflow in updater.\n\n - Fix potential buffer overflow in schroedinger encoder.\n\n - Fix null-pointer dereference in DMO decoder.\n\n - Fix buffer overflow in parsing of string boxes in mp4 demuxer.\n\n - Fix SRTP integer overflow.\n\n - Fix potential crash in zip access.\n\n - Fix read overflow in Ogg demuxer.\");\n script_tag(name:\"affected\", value:\"vlc on openSUSE 13.2\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1651_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libvlc5\", rpm:\"libvlc5~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvlc5-debuginfo\", rpm:\"libvlc5-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvlccore7\", rpm:\"libvlccore7~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libvlccore7-debuginfo\", rpm:\"libvlccore7-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc\", rpm:\"vlc~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-debuginfo\", rpm:\"vlc-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-debugsource\", rpm:\"vlc-debugsource~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-devel\", rpm:\"vlc-devel~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-gnome\", rpm:\"vlc-gnome~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-gnome-debuginfo\", rpm:\"vlc-gnome-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-noX\", rpm:\"vlc-noX~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-noX-debuginfo\", rpm:\"vlc-noX-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-qt\", rpm:\"vlc-qt~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-qt-debuginfo\", rpm:\"vlc-qt-debuginfo~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vlc-noX-lang\", rpm:\"vlc-noX-lang~2.1.6~2.10.1\", rls:\"openSUSE13.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:38:49", "bulletinFamily": "unix", "description": "This update for vlc to version 2.1.6 fixes the following issues:\n\n These CVE were fixed:\n - CVE-2016-5108: Reject invalid QuickTime IMA files (boo#984382).\n - CVE-2016-3941: Heap overflow in processing wav files (boo#973354).\n\n These security issues without were fixed:\n - Fix heap overflow in decomp stream filter.\n - Fix buffer overflow in updater.\n - Fix potential buffer overflow in schroedinger encoder.\n - Fix null-pointer dereference in DMO decoder.\n - Fix buffer overflow in parsing of string boxes in mp4 demuxer.\n - Fix SRTP integer overflow.\n - Fix potential crash in zip access.\n - Fix read overflow in Ogg demuxer.\n\n", "modified": "2016-06-22T14:09:48", "published": "2016-06-22T14:09:48", "id": "OPENSUSE-SU-2016:1651-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00045.html", "title": "Security update for vlc (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T03:01:07", "bulletinFamily": "scanner", "description": "This update for vlc to version 2.1.6 fixes the following issues :\n\nThese CVE were fixed :\n\n - CVE-2016-5108: Reject invalid QuickTime IMA files\n (boo#984382).\n\n - CVE-2016-3941: Heap overflow in processing wav files\n (boo#973354).\n\nThese security issues without were fixed :\n\n - Fix heap overflow in decomp stream filter.\n\n - Fix buffer overflow in updater.\n\n - Fix potential buffer overflow in schroedinger encoder.\n\n - Fix NULL pointer dereference in DMO decoder.\n\n - Fix buffer overflow in parsing of string boxes in mp4\n demuxer.\n\n - Fix SRTP integer overflow.\n\n - Fix potential crash in zip access.\n\n - Fix read overflow in Ogg demuxer.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-755.NASL", "href": "https://www.tenable.com/plugins/nessus/91773", "published": "2016-06-23T00:00:00", "title": "openSUSE Security Update : vlc (openSUSE-2016-755)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-755.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91773);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2019/04/11 17:23:07\");\n\n script_cve_id(\"CVE-2016-3941\", \"CVE-2016-5108\");\n\n script_name(english:\"openSUSE Security Update : vlc (openSUSE-2016-755)\");\n script_summary(english:\"Check for the openSUSE-2016-755 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for vlc to version 2.1.6 fixes the following issues :\n\nThese CVE were fixed :\n\n - CVE-2016-5108: Reject invalid QuickTime IMA files\n (boo#984382).\n\n - CVE-2016-3941: Heap overflow in processing wav files\n (boo#973354).\n\nThese security issues without were fixed :\n\n - Fix heap overflow in decomp stream filter.\n\n - Fix buffer overflow in updater.\n\n - Fix potential buffer overflow in schroedinger encoder.\n\n - Fix NULL pointer dereference in DMO decoder.\n\n - Fix buffer overflow in parsing of string boxes in mp4\n demuxer.\n\n - Fix SRTP integer overflow.\n\n - Fix potential crash in zip access.\n\n - Fix read overflow in Ogg demuxer.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984382\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected vlc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlc5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlc5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlccore7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libvlccore7-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-noX-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvlc5-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvlc5-debuginfo-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvlccore7-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libvlccore7-debuginfo-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-debuginfo-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-debugsource-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-devel-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-gnome-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-gnome-debuginfo-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-noX-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-noX-debuginfo-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-noX-lang-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-qt-2.1.6-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vlc-qt-debuginfo-2.1.6-2.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libvlc5 / libvlc5-debuginfo / libvlccore7 / libvlccore7-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
