CVE-2014-9629

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 2.1.6 VLC media player versions 2.2.x prior to 2.2.1

Description The issue is related to an integer overflow in the Encode function, specifically in the Schroedinger codec, which can lead to a buffer overflow. This allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file. The vulnerability is due to improper bounds checking in the Schroedinger- and Dirac- encoders.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later. For versions 2.2.x prior to 2.2.1, update to version 2.2.1 or later. As a temporary workaround, consider disabling the Schroedinger and Dirac encoders until a patch is available.