CVE-2012-0023

Description

Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

How to fix CVE-2012-0023

To remediate CVE-2012-0023, upgrade the affected package to a fixed version below.

• Debian/vlc—upgrade to 1.1.13-1 or later

Is CVE-2012-0023 being exploited?

Moderate — EPSS is 11.9%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.1.13-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0023