oss-sec mailing list archives
Re: CVE request: VLC bookmark buffer overflow
From: Josh Bressers <bressers () redhat com>
Date: Thu, 3 Mar 2011 15:31:05 -0500 (EST)
----- Original Message -----
Can I get CVE-identifier for this issue: "VLC media player is vulnerable to a buffer overflow attack when processing .mp3 file and its metadata. It fails to perform boundry checks when creating a bookmark from the malicious media file playing, resulting in a crash, overwriting ECX register. While the evil .mp3 is playing, you go Playback > Bookmarks > Manage bookmarks > Create." References: http://osvdb.org/show/osvdb/62728/printer
Please use CVE-2011-1087 Thanks. -- JB
Current thread:
- CVE request: VLC bookmark buffer overflow henri (Mar 02)
- Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
- Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
- Re: CVE request: VLC bookmark buffer overflow Henri Salo (Mar 24)
- Re: CVE request: VLC bookmark buffer overflow Steven M. Christey (Mar 28)
- Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
- Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)