oss-sec mailing list archives

Re: [oCERT-2015-009] VLC arbitrary pointer dereference


From: Alessandro Ghedini <alessandro () ghedini me>
Date: Thu, 20 Aug 2015 16:52:53 +0200

On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote:

#2015-009 VLC arbitrary pointer dereference

Description:

The VLC media player is an open source media player and streaming media
server.

The stable VLC version suffers from an arbitrary pointer dereference
vulnerability.

The vulnerability affects the 3GP file format parser; insufficient
restrictions on a writable buffer can be exploited to execute arbitrary code
via the heap memory. A specific 3GP file can be crafted to trigger the
vulnerability.

So, is there a reproducer for this issue that you can share?

Thanks
