oss-sec mailing list archives

CVE request: vlc

From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 26 Feb 2008 19:32:30 +0100

Hi Steve,
can I get a CVE id for vlc because of the following issue?

The mp4 demuxer of vlc is missing validation of array 
boundaries and thus allows overwriting arbitrary memory.

For more details see:
http://www.videolan.org/security/sa0802.html

Patch:
http://www.videolan.org/patches/vlc-0.8.6-CORE-2008-0130.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE request: vlc Nico Golde (Feb 26)
- Re: CVE request: vlc Steven M. Christey (Feb 26)
  - Re: CVE request: vlc Nico Golde (Feb 26)