CVE-2012-3377 - Buttocked Tubs

Description

Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.

Reference

http://secunia.com/advisories/49835 http://www.securitytracker.com/id?1027224 http://www.openwall.com/lists/oss-security/2012/07/06/1 http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e http://www.openwall.com/lists/oss-security/2012/07/06/2 http://www.securityfocus.com/bid/54345 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15299