Date: Wed, 2 Mar 2011 23:11:29 +0200 From: henri@...v.fi To: oss-security@...ts.openwall.com Subject: CVE request: VLC bookmark buffer overflow Can I get CVE-identifier for this issue: "VLC media player is vulnerable to a buffer overflow attack when processing .mp3 file and its metadata. It fails to perform boundry checks when creating a bookmark from the malicious media file playing, resulting in a crash, overwriting ECX register. While the evil .mp3 is playing, you go Playback > Bookmarks > Manage bookmarks > Create." References: http://osvdb.org/show/osvdb/62728/printer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ