oss-sec mailing list archives
Re: [oCERT-2015-009] VLC arbitrary pointer dereference
From: Alessandro Ghedini <alessandro () ghedini me>
Date: Thu, 20 Aug 2015 16:52:53 +0200
On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote:
#2015-009 VLC arbitrary pointer dereference Description: The VLC media player is an open source media player and streaming media server. The stable VLC version suffers from an arbitrary pointer dereference vulnerability. The vulnerability affects the 3GP file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific 3GP file can be crafted to trigger the vulnerability.
So, is there a reproducer for this issue that you can share? Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- [oCERT-2015-009] VLC arbitrary pointer dereference Andrea Barisani (Aug 20)
- Re: [oCERT-2015-009] VLC arbitrary pointer dereference Alessandro Ghedini (Aug 20)
- <Possible follow-ups>
- Re: [oCERT-2015-009] VLC arbitrary pointer dereference Loren (Aug 20)