Full Disclosure mailing list archives
VLC highlander bug
From: Luigi Auriemma <aluigi () autistici org>
Date: Mon, 17 Mar 2008 18:35:25 +0100
The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e; in fact buffer_text2 in ParseSSA is still unchecked:

    if( sscanf( s, "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]",
                buffer_text2,

The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow, and in fact it works on the new VLC version too without modifications 8-)

Instead, the SVN version was and is patched for 10 months, as I wrote in my old advisory:

http://aluigi.org/adv/vlcboffs-adv.txt

---
Luigi Auriemma
http://aluigi.org
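The pattern quoted above is the classic scanf-width mismatch: a `%N[` conversion writes up to N characters plus a terminating NUL regardless of how large the destination actually is, so a width of 81920 only protects a buffer of at least 81921 bytes, and the leading `%[^,]` has no width at all. The following C is an added example, not VLC's ParseSSA and not the author's proof-of-concept. It shows the audit check a reviewer would apply (width + 1 must fit in sizeof the destination), and a hardened parser for the same "Dialogue:" line that derives both widths from the destination sizes so they cannot drift apart. The buffer sizes (8192 and 64), the struct layout and the sample line are assumptions for illustration; the post does not state how large VLC's buffer_text2 is.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

/* Assumed destination sizes for this example (not VLC's real values). */
#define SSA_TEXT_MAX  8192
#define SSA_FIELD_MAX 64

typedef struct {
    char field[SSA_FIELD_MAX];   /* first "Dialogue:" field (Marked=/Layer) */
    int  h1, m1, s1, cs1;        /* start time */
    int  h2, m2, s2, cs2;        /* end time */
    char text[SSA_TEXT_MAX];     /* rest of the line, the role of buffer_text2 */
} ssa_dialogue_t;

/* The pattern quoted in the post, kept only for comparison: %81920[ can write
 * 81921 bytes whatever the destination size, and %[^,] has no width at all. */
const char ssa_vulnerable_fmt[] =
    "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]";

/* Bytes a %N[ or %Ns conversion may write: N characters plus the NUL. */
size_t scanf_width_bytes(size_t width) { return width + 1; }

/* The audit check: a width is safe only if width + 1 <= sizeof(dest). */
bool scanf_width_fits(size_t width, size_t dest_size)
{
    return scanf_width_bytes(width) <= dest_size;
}

/* Hardened parser: widths are generated from the destination sizes at runtime,
 * so resizing a buffer cannot silently reopen the overflow. Returns 0 on success. */
int parse_ssa_dialogue(const char *line, ssa_dialogue_t *out)
{
    char fmt[128];
    int n = snprintf(fmt, sizeof fmt,
                     "Dialogue: %%%zu[^,],%%d:%%d:%%d.%%d,%%d:%%d:%%d.%%d,%%%zu[^\r\n]",
                     sizeof out->field - 1, sizeof out->text - 1);
    if (n < 0 || (size_t)n >= sizeof fmt)
        return -1;
    memset(out, 0, sizeof *out);
    if (sscanf(line, fmt, out->field,
               &out->h1, &out->m1, &out->s1, &out->cs1,
               &out->h2, &out->m2, &out->s2, &out->cs2,
               out->text) != 10)
        return -1;
    return 0;
}

/* Constructed test input: a Dialogue line whose text field is text_len bytes
 * of 'A'. Caller frees. Used to show an oversized field is truncated, not overflowed. */
char *make_dialogue_line(size_t text_len)
{
    const char prefix[] = "Dialogue: Marked=0,0:00:01.00,0:00:05.00,";
    char *line = malloc(sizeof prefix + text_len + 1);
    if (!line)
        return NULL;
    memcpy(line, prefix, sizeof prefix - 1);
    memset(line + sizeof prefix - 1, 'A', text_len);
    line[sizeof prefix - 1 + text_len] = '\n';
    line[sizeof prefix + text_len] = '\0';
    return line;
}

int main(void)
{
    ssa_dialogue_t d;
    char *line = make_dialogue_line(SSA_TEXT_MAX + 1000);

    printf("quoted format: %s\n", ssa_vulnerable_fmt);
    printf("width 81920 fits a %d-byte buffer: %s\n", SSA_TEXT_MAX,
           scanf_width_fits(81920, SSA_TEXT_MAX) ? "yes" : "no");
    if (line && parse_ssa_dialogue(line, &d) == 0)
        printf("parsed %s, text kept at %zu bytes\n", d.field, strlen(d.text));
    free(line);
    return 0;
}
```

The same check applies to every `%s` and `%[` in a scanf family call: grep for them, and for each one confirm the width is present and equals sizeof(dest) - 1. A width that is merely "large" (as 81920 is here) is a red flag, not a fix.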