oss-sec mailing list archives

Re: CVE request: VideoLAN advisory 1004


From: Josh Bressers <bressers () redhat com>
Date: Wed, 11 Aug 2010 16:21:51 -0400 (EDT)

Please use CVE-2010-2937 for this.

Thanks.

-- 
    JB


----- "Rémi Denis-Courmont" <rem () videolan org> wrote:

Hello,

Can I get a CVE number for this? Please CC me on replies.

http://www.videolan.org/security/sa1004.html

----8<--------8<--------8<--------8<--------8<--------8<--------8<----

VideoLAN Security Advisory 1004

Summary           : Insufficient input validation in VLC TagLib plugin
Date              : August 2011
Affected versions : VLC media player versions 1.1.2 down to 0.9.0
ID                : VideoLAN-SA-1004
CVE reference     : N/A

Details

VLC fails to perform sufficient input validation when trying to extract
some meta-information about input media through ID3v2 tags. In the
failure case, VLC attempts to dereference an invalid memory address, and
a crash will ensue.

Impact

In the failure case, VLC will dereference a memory address within the
first page of its process virtual memory. In normal conditions, and on
most operating systems, this will result in a segmentation fault (a
general protection fault on Windows), and the process will terminate
abruptly.

In most usage scenarios, this will only cause user annoyance.

Threat mitigation

Exploitation of this issue requires the user to include a file in their
playlist or to attempt to open it.

Workarounds

The user should refrain from opening files from untrusted third parties
or accessing untrusted remote sites (or disable the VLC browser
plugins), until the patch is applied.

Solution

VLC media player 1.1.3 [will address] this issue. Patches for VLC media
player 1.1.x and 1.0.x are available from the corresponding official VLC
source code repositories.

Credits

This vulnerability was reported by FortiGuard Labs.

References

The VideoLAN project
    http://www.videolan.org/ 
FortiGuard Labs
    http://www.fortinet.com/ 
Patch for VLC 1.1.2, 1.1.1, 1.1.0
    commit 24918843e57c7962e28fcb01845adce82bed6516 
Patch for VLC 1.0.6
    commit 22a22e356c9d93993086810b2e25b59b55925b3a 

----8<--------8<--------8<--------8<--------8<--------8<--------8<----

Thanks in advance, best regards,

-- 
Rémi Denis-Courmont
http://git.remlab.net/cgi-bin/gitweb.cgi?p=vlc-courmisch.git;a=summary

