oss-sec mailing list archives

Re: CVE request: VLC bookmark buffer overflow


From: Josh Bressers <bressers () redhat com>
Date: Thu, 3 Mar 2011 15:31:59 -0500 (EST)

Argh, this should have gotten a 2010 ID.

Steve, does MITRE want to reassign, or just leave it as is?

Thanks.

-- 
    JB


----- Original Message -----
Can I get CVE-identifier for this issue:

"VLC media player is vulnerable to a buffer overflow attack when
processing .mp3 file and its metadata. It fails to perform boundary
checks when creating a bookmark from the malicious media file playing,
resulting in a crash, overwriting ECX register. While the evil .mp3 is
playing, you go Playback > Bookmarks > Manage bookmarks > Create."

References:
http://osvdb.org/show/osvdb/62728/printer

Please use CVE-2011-1087

Thanks.

--
JB

