CVE-2014-1684

Publication date 3 March 2014

Last updated 24 July 2024

The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vlc	17.04 zesty	Fixed 2.1.4-1
	16.10 yakkety	Fixed 2.1.4-1
	16.04 LTS xenial	Fixed 2.1.4-1
	15.10 wily	Fixed 2.1.4-1
	15.04 vivid	Fixed 2.1.4-1
	14.10 utopic	Fixed 2.1.4-1
	14.04 LTS trusty	Fixed 2.1.4-0ubuntu14.04.1
	13.10 saucy	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
vlc	Upstream: http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git;a=commitdiff;h=98787d0843612271e99d62bee0dfd8197f0cf404

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.elsherei.com/?p=269
https://www.cve.org/CVERecord?id=CVE-2014-1684