CVE-2016-3941

Name of the Vulnerable Software and Affected Versions VideoLAN VLC media player versions prior to 2.2.0

Description The issue is related to a buffer overflow in the AStreamPeekStream function, which can be exploited by remote attackers to cause a denial of service (crash) via a crafted wav file. This is related to "seek across EOF." The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the AStreamPeekStream function until a patch is available. Restrict access to crafted wav files to minimize the risk of exploitation.