List:       oss-security
Subject:    [oss-security] RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
From:       "Christey, Steven M." <coley () mitre ! org>
Date:       2012-10-30 17:59:28
Message-ID: FC72FC641B949240B947AC6F1F83FBAF0691A5A3 () IMCMBX01 ! MITRE ! ORG
Sean,

Thank you for noticing this.

CVE-2011-5231 was an accidental duplicate of CVE-2012-0023, and it was only released a couple days ago.

CVE-2012-0023 has been in use since January.

Google search results show that CVE-2012-0023 has many more hits.

Even though the issue was first published in December 2011 and CVE-2012-0023 has "2012" in the name, this off-by-one is very common for identifiers for issues published in December/January of any year.

So, even though it's not "aesthetically appropriate," keep CVE-2012-0023 and REJECT CVE-2011-5231.

- Steve



-----Original Message-----
From: Sean Amoss [mailto:ackle@gentoo.org] 
Sent: Monday, October 29, 2012 2:27 PM
To: Common Vulnerabilities & Exposures; Steven M. Christey
Cc: oss-security@lists.openwall.com; Gentoo Linux Security Team; xtophe@videolan.org
Subject: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)

Steve, MITRE, vendors:

It appears that there may be two CVEs for the same issue:

CVE-2011-5231 - Double free vulnerability in the get_chunk_header
function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0
through 1.1.12 allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5231

References to http://www.videolan.org/security/sa1108.html

=======================================================================

CVE-2012-0023 - Buffer overflow in VLC TiVo demuxer

CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/12

References http://www.videolan.org/security/sa1108.html in assignment above


Thanks,
Sean
-- 
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail	  : ackle@gentoo.org
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A
