*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: vlc

References:
DSA-1543-1 (http://www.debian.org/security/2008/dsa-1543)

Quoting:
"Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido
Landi, Felipe Manzano, Anibal Sacco and others discovered multiple
vulnerabilities in vlc, an application for playback and streaming of
audio and video.  In the worst case, these weaknesses permit a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user running vlc.

The Common Vulnerabilities and Exposures project identifies the
following eight problems:

CVE-2007-6681

    A buffer overflow vulnerability in subtitle handling allows an
    attacker to execute arbitrary code through the opening of a
    maliciously crafted MicroDVD, SSA or Vplayer file.

CVE-2007-6682

    A format string vulnerability in the HTTP-based remote control
    facility of the vlc application allows a remote, unauthenticated
    attacker to execute arbitrary code.

CVE-2007-6683

    Insecure argument validation allows a remote attacker to overwrite
    arbitrary files writable by the user running vlc, if a maliciously
    crafted M3U playlist or MP3 audio file is opened.

CVE-2008-0295, CVE-2008-0296

    Heap buffer overflows in RTSP stream and session description
    protocol (SDP) handling allow an attacker to execute arbitrary
    code if a maliciously-crafted RTSP stream is played.

CVE-2008-0073

    Insufficient integer bounds checking in SDP handling allows the
    execution of arbitrary code through a maliciously crafted SDP
    stream ID parameter in an RTSP stream.

CVE-2008-0984

    Insufficient integrity checking in the MP4 demuxer allows a remote
    attacker to overwrite arbitrary memory and execute arbitrary code
    if a maliciously-crafted MP4 file is opened.

CVE-2008-1489

    An integer overflow vulnerability in MP4 handling allows a remote
    attacker to cause a heap buffer overflow, inducing a crash and
    possibly the execution of arbitrary code if a maliciously-crafted
    MP4 file is opened."

** Affects: vlc (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6681

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6682

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6683

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0295

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0296

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0073

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-0984

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1489

-- 
[vlc] [DSA-1543-1] several vulnerabilities
https://bugs.launchpad.net/bugs/214977
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to