List: oss-security
Subject: [oss-security] CVE request: VLC -- Stack-based buffer overflows in three demuxers
From: Alex Legler <a3li () gentoo ! org>
Date: 2009-09-17 23:21:09
Message-ID: 20090918012109.508bf65a () mail ! netloc ! info

Hey,

just caught this at Secunia [1], can we please get a CVE?

"Some vulnerabilities have been reported in VLC Media Player, which can
be exploited by malicious people to potentially compromise a user's
system.

1) A boundary error exists within the "ASF_ObjectDumpDebug()" function
in modules/demux/asf/libasf.c. This can be exploited to cause a
stack-based buffer overflow via a specially crafted ASF file.

2) A boundary error exists within the "AVI_ChunkDumpDebug_level()"
function in modules/demux/avi/libavi.c. This can be exploited to cause
a stack-based buffer overflow via a specially crafted AVI file.

3) A boundary error exists within the "__MP4_BoxDumpStructure()"
function in modules/demux/mp4/libmp4.c. This can be exploited to cause
a stack-based buffer overflow via a specially crafted MP4 file."

Commits containing the fixes:

1) http://git.videolan.org/?p=vlc.git;a=commit;h=dfe7084e8cc64e9b7a87cd37065b59cba2064823
2) http://git.videolan.org/?p=vlc.git;a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2
3) http://git.videolan.org/?p=vlc.git;a=commit;h=c5b02d011b8c634d041167f4d2936b55eca4d18d

Thanks,
Alex

[1] http://secunia.com/advisories/36762/