CVE-2016-5108

CRITICAL

Debian Linux < 2.2.3 - Memory Corruption

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5108. PoCs published by Patrick Coleman.

AI-analyzed exploit summary This exploit targets an out-of-bounds write vulnerability in VLC's ADPCM codec. The flaw arises from insufficient bounds checking on the number of channels in the input stream, potentially leading to remote code execution via a malicious media file.

Description

Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Patrick Coleman · textdoswindows

https://www.exploit-db.com/exploits/41025

View Code ZIP pw:eip

This exploit targets an out-of-bounds write vulnerability in VLC's ADPCM codec. The flaw arises from insufficient bounds checking on the number of channels in the input stream, potentially leading to remote code execution via a malicious media file.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Theoretical

Target: VLC media player (versions affected by CVE-2016-5108)

No auth needed

Prerequisites: A malicious media file (e.g., .mov) crafted to trigger the vulnerability

MITRE ATT&CK