Ubuntu
vlc package

[vlc] [DSA-1543-1] several vulnerabilities

Bug #214977 reported by disabled.user
256
Affects Status Importance Assigned to Milestone
vlc (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: vlc

References:
DSA-1543-1 (http://www.debian.org/security/2008/dsa-1543)

Quoting:
"Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido
Landi, Felipe Manzano, Anibal Sacco and others discovered multiple
vulnerabilities in vlc, an application for playback and streaming of
audio and video. In the worst case, these weaknesses permit a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user running vlc.

The Common Vulnerabilities and Exposures project identifies the
following eight problems:

CVE-2007-6681

    A buffer overflow vulnerability in subtitle handling allows an
    attacker to execute arbitrary code through the opening of a
    maliciously crafted MicroDVD, SSA or Vplayer file.

CVE-2007-6682

    A format string vulnerability in the HTTP-based remote control
    facility of the vlc application allows a remote, unauthenticated
    attacker to execute arbitrary code.

CVE-2007-6683

    Insecure argument validation allows a remote attacker to overwrite
    arbitrary files writable by the user running vlc, if a maliciously
    crafted M3U playlist or MP3 audio file is opened.

CVE-2008-0295, CVE-2008-0296

    Heap buffer overflows in RTSP stream and session description
    protocol (SDP) handling allow an attacker to execute arbitrary
    code if a maliciously-crafted RTSP stream is played.

CVE-2008-0073

    Insufficient integer bounds checking in SDP handling allows the
    execution of arbitrary code through a maliciously crafted SDP
    stream ID parameter in an RTSP stream.

CVE-2008-0984

    Insufficient integrity checking in the MP4 demuxer allows a remote
    attacker to overwrite arbitrary memory and execute arbitrary code
    if a maliciously-crafted MP4 file is opened.

CVE-2008-1489

    An integer overflow vulnerability in MP4 handling allows a remote
    attacker to cause a heap buffer overflow, inducing a crash and
    possibly the execution of arbitrary code if a maliciously-crafted
    MP4 file is opened."

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.