subject:"Bug#477805\: vlc\: CVE\-2008\-1881 stack\-based buffer overflow in subtitle parsing"

Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

2008-04-25 Thread Nico Golde

Package: vlc
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities  Exposures) id was
published for vlc.


CVE-2008-1881[0]:
| Stack-based buffer overflow in the ParseSSA function
| (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to
| execute arbitrary code via a long subtitle in an SSA file.  NOTE: this
| issue is due to an incomplete fix for CVE-2007-6681.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881
http://security-tracker.debian.net/tracker/CVE-2008-1881

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


pgpJNh4HC1sx9.pgp
Description: PGP signature

Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

2008-04-25 Thread Tomas Hoger

Hi!

Should be fixed in 0.8.6f, for patch see:

http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff;h=94baded6eff88e39c98b6e3572826f16f21ceec3
http://bugs.gentoo.org/show_bug.cgi?id=214277#c2

-- 
Tomas Hoger



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

Bug#477805: vlc: CVE-2008-1881 stack-based buffer overflow in subtitle parsing

2 matches

Site Navigation

Mail list logo

Footer information