Launchpad.net

CVE 2008-3732

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2008-3732 (Candidate) is related to these bugs:

Bug #84098: "always on top" option in VLC not working

Summary				In	Importance	Status
	84098	"always on top" option in VLC not working		vlc (Ubuntu)	Undecided	Fix Released

Bug #88487: Wxwidgets inferface truncates the "Position/Length" display

Summary				In	Importance	Status
	88487	Wxwidgets inferface truncates the "Position/Length" display		vlc (Ubuntu)	Undecided	Fix Released
	88487	Wxwidgets inferface truncates the "Position/Length" display		VLC media player	Unknown	Won't Fix

Bug #90603: vlc crashed when I changed interface from wxWidgets to scins 2 and tryed to enlarge bass in equalizer

Summary				In	Importance	Status
	90603	vlc crashed when I changed interface from wxWidgets to scins 2 and tryed to enlarge bass in equalizer		vlc (Ubuntu)	Undecided	Fix Released

Bug #103741: [apport] vlc crashed with SIGSEGV in wxBaseArrayPtrVoid::Insert()

Summary				In	Importance	Status
	103741	[apport] vlc crashed with SIGSEGV in wxBaseArrayPtrVoid::Insert()		vlc (Ubuntu)	Medium	Fix Released

Bug #107899: [apport] vlc crashed with SIGSEGV in PS demuxer, in ps_pkt_read ()

Summary				In	Importance	Status
	107899	[apport] vlc crashed with SIGSEGV in PS demuxer, in ps_pkt_read ()		vlc (Ubuntu)	Medium	Fix Released

Bug #111615: [apport] vlc crashed with SIGSEGV in wxAppBase::SendIdleEvents()

Summary				In	Importance	Status
	111615	[apport] vlc crashed with SIGSEGV in wxAppBase::SendIdleEvents()		vlc (Ubuntu)	Medium	Fix Released

Bug #112076: [apport] vlc crashed with SIGSEGV when seeking flv

Summary				In	Importance	Status
	112076	[apport] vlc crashed with SIGSEGV when seeking flv		vlc (Ubuntu)	Medium	Fix Released

Bug #113927: [apport] vlc crashed with SIGSEGV in scaler

Summary				In	Importance	Status
	113927	[apport] vlc crashed with SIGSEGV in scaler		vlc (Ubuntu)	Medium	Fix Released

Bug #127594: shout output module missing

Summary				In	Importance	Status
	127594	shout output module missing		vlc (Ubuntu)	Wishlist	Fix Released

Bug #150380: vlc's "Open File" dialog doesn't handle drag and drop correctly

Summary				In	Importance	Status
	150380	vlc's "Open File" dialog doesn't handle drag and drop correctly		vlc (Ubuntu)	Undecided	Fix Released

Bug #189575: vlc crashed with SIGSEGV in __stats_Update()

Summary				In	Importance	Status
	189575	vlc crashed with SIGSEGV in __stats_Update()		vlc (Ubuntu)	Medium	Fix Released

Bug #193445: vlc time-display incomplete

Summary				In	Importance	Status
	193445	vlc time-display incomplete		vlc (Ubuntu)	Undecided	Fix Released

Bug #198916: vlc crashed with SIGSEGV in g_type_create_instance()

Summary				In	Importance	Status
	198916	vlc crashed with SIGSEGV in g_type_create_instance()		vlc (Ubuntu)	Medium	Fix Released

Bug #199870: VLC doesn't pause when a video file is played with external subtitles

Summary				In	Importance	Status
	199870	VLC doesn't pause when a video file is played with external subtitles		vlc (Ubuntu)	Undecided	Fix Released
	199870	VLC doesn't pause when a video file is played with external subtitles		VLC media player	Unknown	Fix Released

Bug #205325: vlc being compiled with wxwidgets 2.6 .. should use 2.8 to fix "allway on top" in Hardy

Summary				In	Importance	Status
	205325	vlc being compiled with wxwidgets 2.6 .. should use 2.8 to fix "allway on top" in Hardy		vlc (Ubuntu)	Low	Fix Released

Bug #210354: To big font @ fullscreen MKV

Summary				In	Importance	Status
	210354	To big font @ fullscreen MKV		vlc (Ubuntu)	Undecided	Fix Released

Bug #217305: VLC treats spaces differently (when displaying the name) depending on how the file is opened

Summary				In	Importance	Status
	217305	VLC treats spaces differently (when displaying the name) depending on how the file is opened		vlc (Ubuntu)	Undecided	Fix Released

Bug #239431: won't play files with a plus sign ("+") in it

Summary				In	Importance	Status
	239431	won't play files with a plus sign ("+") in it		vlc (Ubuntu)	Medium	Fix Released

Bug #250041: VLC Volume control behavior bug

Summary				In	Importance	Status
	250041	VLC Volume control behavior bug		vlc (Ubuntu)	Undecided	Fix Released

Bug #261567: VLC is capable of opening Flash videos, but is not registered as a handler for it

Summary				In	Importance	Status
	261567	VLC is capable of opening Flash videos, but is not registered as a handler for it		vlc (Ubuntu)	Undecided	Fix Released
	261567	VLC is capable of opening Flash videos, but is not registered as a handler for it		VLC media player	Undecided	Fix Released

Bug #262705: VLC: New upstream release (0.8.6i) for hardy

Summary				In	Importance	Status
	262705	VLC: New upstream release (0.8.6i) for hardy		vlc (Ubuntu)	Undecided	Invalid
	262705	VLC: New upstream release (0.8.6i) for hardy		vlc (Ubuntu Hardy)	High	Fix Released

Bug #270404: Please update VLC to 0.9.2

Summary				In	Importance	Status
	270404	Please update VLC to 0.9.2		vlc (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.orange-bat....
GENTOO: GLSA-200809-06
BID: 30718
SECUNIA: 31512
SREASON: 4170
VUPEN: ADV-2008-2394
XF: vlc-mediaplayer-open-b...
EXPLOIT-DB: 6252
OVAL: oval:org.mitre.oval:de...