oss-sec mailing list archives
CVE request: VLC -- Stack-based buffer overflows in three demuxers
From: Alex Legler <a3li () gentoo org>
Date: Fri, 18 Sep 2009 01:21:09 +0200
Hey, just caught this at Secunia [1], can we please get a CVE?

"Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

1) A boundary error exists within the "ASF_ObjectDumpDebug()" function in modules/demux/asf/libasf.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted ASF file.

2) A boundary error exists within the "AVI_ChunkDumpDebug_level()" function in modules/demux/avi/libavi.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted AVI file.

3) A boundary error exists within the "__MP4_BoxDumpStructure()" function in modules/demux/mp4/libmp4.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted MP4 file."

Commits containing the fixes:
1) http://git.videolan.org/?p=vlc.git;a=commit;h=dfe7084e8cc64e9b7a87cd37065b59cba2064823
2) http://git.videolan.org/?p=vlc.git;a=commit;h=861e374d03e6c60c7d3c98428c632fe3b9e371b2
3) http://git.videolan.org/?p=vlc.git;a=commit;h=c5b02d011b8c634d041167f4d2936b55eca4d18d

Thanks,
Alex

[1] http://secunia.com/advisories/36762/