VLC Media Player "MP4_ReadBox_rdrf()" Buffer Overflow Vulnerability

Noiano noiano at lavabit.com
Wed Mar 26 09:41:42 GMT 2008


From Secunia, http://secunia.com/advisories/29503/

DESCRIPTION:
A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an integer overflow error within
"MP4_ReadBox_rdrf()" in modules/demux/mp4/libmp4.c and can be
exploited to cause a heap-based buffer overflow via e.g. an MP4 file
with a specially crafted RDRF atom.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 0.8.6e. Other versions may
also be affected.

SOLUTION:
Fixed in the GIT repository.
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
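
An added illustration of the bug class the advisory names, not taken from the advisory and not VLC's code: a 32-bit length read from the file feeds an allocation size, the arithmetic wraps, and the later copy would overrun the heap block. The payload layout, the function names and the sample bytes are assumptions made for this example; the checked reader shows the validation that closes the gap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* One common form of the flaw: 32-bit "length + 1" wraps to 0 when the
 * file supplies 0xFFFFFFFF, so the allocation is tiny while the copy
 * that follows still trusts the original length. */
static uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + 1u;            /* wraps modulo 2^32 */
}

/* Hypothetical hardened reader for a payload laid out as
 * [4-byte big-endian length][length bytes of reference string].
 * Returns a NUL-terminated heap copy, or NULL if the field is inconsistent. */
static char *read_ref_checked(const uint8_t *p, size_t avail)
{
    if (p == NULL || avail < 4)
        return NULL;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    /* The declared length may never exceed the bytes actually present.
     * That also keeps len + 1 from wrapping in size_t. */
    if (len > avail - 4)
        return NULL;
    char *s = malloc((size_t)len + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, p + 4, len);
    s[len] = '\0';
    return s;
}

/* Constructed sample payloads (not taken from any real file). */
static const uint8_t good_payload[] = { 0, 0, 0, 3, 'u', 'r', 'l' };
static const uint8_t bad_payload[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'A' };

int main(void)
{
    char *ok  = read_ref_checked(good_payload, sizeof good_payload);
    char *bad = read_ref_checked(bad_payload, sizeof bad_payload);
    int rc = !(ok && strcmp(ok, "url") == 0 && bad == NULL &&
               unchecked_alloc_size(0xFFFFFFFFu) == 0);
    free(ok);
    return rc;                  /* 0 when every check behaves as intended */
}
```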



