oss-sec mailing list archives
Re: [oCERT-2015-009] VLC arbitrary pointer dereference
From: Loren <loren () trailofbits com>
Date: Thu, 20 Aug 2015 17:27:57 -0400
POC for oCERT#2015-009 VLC arbitrary pointer dereference Running VLC v2.2.1 with sample_crash causes a segmentation fault on 0xccddeeff, an address read in from 0x1b6e6 in the sample_crash file. After this address is freed, vlc then attempts to free the next four bytes in the file, 0x1122331e. This data can be changed in the sample_crash file to free two arbitrary addresses. sample_crash : http://s000.tinyupload.com/?file_id=94915905821495818830 <http://s000.tinyupload.com/index.php?file_id=94915905821495818830> -Loren Maggiore
Attachment:
smime.p7s
Description:
Current thread:
- [oCERT-2015-009] VLC arbitrary pointer dereference Andrea Barisani (Aug 20)
- Re: [oCERT-2015-009] VLC arbitrary pointer dereference Alessandro Ghedini (Aug 20)
- <Possible follow-ups>
- Re: [oCERT-2015-009] VLC arbitrary pointer dereference Loren (Aug 20)