Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 10 Nov 2008 13:05:23 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: vlc



======================================================
Name: CVE-2008-5032
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
Reference: MLIST:[oss-security] 20081105 CVE id request: vlc
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/5
Reference: MLIST:[oss-security] 20081105 VideoLAN security advisory 0810
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/4
Reference: MISC:http://www.trapkit.de/advisories/TKADV2008-011.txt
Reference: MISC:http://www.trapkit.de/advisories/TKADV2008-012.txt
Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d
Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447
Reference: CONFIRM:http://www.videolan.org/security/sa0810.html

Multiple stack-based buffer overflows in VideoLAN VLC media player
0.5.0 through 0.9.5 allow user-assisted attackers to execute arbitrary
code via (1) the header of an invalid CUE image file, related to
modules/access/vcd/cdrom.c; or (2) an invalid RealText (rt) subtitle
file, related to the ParseRealText function in
modules/demux/subtitle.c.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux