oss-sec mailing list archives
Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files
From: Seth Arnold <seth.arnold () canonical com>
Date: Wed, 30 Mar 2016 12:24:12 -0700
On Wed, Mar 30, 2016 at 03:24:54PM -0300, Gustavo Grieco wrote:
For some reason, the attached test case did not go to the mailing list. Let's try again.. 2016-03-30 14:43 GMT-03:00 Gustavo Grieco <gustavo.grieco () gmail com>:Hi, We found a buffer overflow in the parsing and processing of wav files in VLC (version 2.1.6-0). It was tested in Ubuntu 14.04 (x86_64), but it will probably affects other versions as well. Fortunately, it seems to be fixed in the last release of VLC. Here you can see the gdb stack trace:
It didn't come through the second try either; it's attached to the bug report at: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633 Thanks
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)
- Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)
- Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Seth Arnold (Mar 30)
- Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files cve-assign (Mar 30)
- Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files Gustavo Grieco (Mar 30)