Bugzilla – Bug 973354
VUL-0: CVE-2016-3941: vlc: Heap overflow in processing wav files
Last modified: 2016-08-05 06:57:33 UTC
CVE-2016-3941
Reproducer and details in https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633
According to that the current git snapshot doesn't crash on the reproducer.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3941
http://seclists.org/oss-sec/2016/q1/722
Tests done:
Tumbleweed (vlc 2.2.2): No crash
Leap 42.1 (vlc 2.2.1): No crash
Still need to test 13.2 (vlc 2.1.5): likely affected, as CVE-2016-3941 references 2.1.6
bugbot adjusting priority
Submitted for 13.2.
Leap and TW seem unaffected.
openSUSE-SU-2016:1651-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 973354,984382
CVE References: CVE-2016-3941,CVE-2016-5108
Sources used:
openSUSE 13.2 (src): vlc-2.1.6-2.10.1
For 13.2 we released an update - Leap and TW were not affected to start with