*** This bug is a security vulnerability ***
Public security bug reported:
Since VLC 2.2.0pre4, we've fixed a lot of head overflows, and heap
buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know any exploits, or even if they are exploitable, but
the number is high enough to be worrying.
Since you package -pre2 in Utopic, you should care also about the following int
overflows, heap buffer overflows, heap overflows and other important crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads
Please note that there is no new features whatsoever in VLC since the
-pre2 version, but only bug fixes.
** Affects: vlc (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
** Description changed:
Since VLC 2.2.0pre4, we've fixed a lot of head overflows, and heap
buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know any exploits, but the number is quite high, to be
worrying.
Since you package -pre2 in Utopic, you should care also about the following
int overflows, heap buffer overflows, heap overflows and other important
crashes:
- access: dvdread: fix int overflow (cid #1062572)
- addons: fix deference before null check (cid #1231840)
- demux: mp4: fix integer overflow (fix #12074)
- packetizer: dirac: block sanitizing must clean reordering (fix #12051)
- demux: avi:fix block reading
- demux: mp4: fix heap buffer overflow (fix #12266)
- demux: ogg: Don't read skeleton if no bones first
- demux: ogg: don't use incomplete vorbis headers (fix #12270)
- demux: ogg: fix headers validation
- demux: mp4: fix heap read overflow in avcc (fix #12267)
- demux: ogg: fix packet count heap overflow (fix #12265)
- demux: mp4: don't read at all if not content
- demux: mp4: fix heap overflow (fix #12283)
- demux: mp4: don't trust atom type processing stsd (fix #12285)
- demux: mp4: fix heap overflow reading esds
- demux: mp4: fix heap read overflow in vide handler
- demux: mp4: fix overflow in cprt language decoding
- input: stream_memory: handle skip reads
+ access: dvdread: fix int overflow (cid #1062572)
+ addons: fix deference before null check (cid #1231840)
+ demux: mp4: fix integer overflow (fix #12074)
+ packetizer: dirac: block sanitizing must clean reordering (fix #12051)
+ demux: avi:fix block reading
+ demux: mp4: fix heap buffer overflow (fix #12266)
+ demux: ogg: Don't read skeleton if no bones first
+ demux: ogg: don't use incomplete vorbis headers (fix #12270)
+ demux: ogg: fix headers validation
+ demux: mp4: fix heap read overflow in avcc (fix #12267)
+ demux: ogg: fix packet count heap overflow (fix #12265)
+ demux: mp4: don't read at all if not content
+ demux: mp4: fix heap overflow (fix #12283)
+ demux: mp4: don't trust atom type processing stsd (fix #12285)
+ demux: mp4: fix heap overflow reading esds
+ demux: mp4: fix heap read overflow in vide handler
+ demux: mp4: fix overflow in cprt language decoding
+ input: stream_memory: handle skip reads
+
+
+ Please note that there is no new features whatsoever in VLC since the -pre2
version, but only bug fixes.
** Description changed:
Since VLC 2.2.0pre4, we've fixed a lot of head overflows, and heap
buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
- So far, we don't know any exploits, but the number is quite high, to be
- worrying.
+ So far, we don't know any exploits, or even if they are exploitable, but
+ the number is high enough to be worrying.
Since you package -pre2 in Utopic, you should care also about the following
int overflows, heap buffer overflows, heap overflows and other important
crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads
-
- Please note that there is no new features whatsoever in VLC since the -pre2
version, but only bug fixes.
+ Please note that there is no new features whatsoever in VLC since the
+ -pre2 version, but only bug fixes.
** Information type changed from Public Security to Private Security
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1390491
Title:
Upgrade to VLC 2.2.0-RC1 for security reasons
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1390491/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
