Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Mar 2011 15:31:59 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: VLC bookmark buffer overflow

Argh, this should have gotten a 2010 ID.

Steve, does MITRE want to reassign, or just leave it as is?

Thanks.

-- 
    JB


----- Original Message -----
> ----- Original Message -----
> > Can I get CVE-identifier for this issue:
> >
> > "VLC media player is vulnerable to a buffer overflow attack when
> > processing .mp3 file and its metadata. It fails to perform boundry
> > checks when creating a bookmark from the malicious media file
> > playing,
> > resulting in a crash, overwriting ECX register. While the evil .mp3
> > is
> > playing, you go Playback > Bookmarks > Manage bookmarks > Create."
> >
> > References:
> > http://osvdb.org/show/osvdb/62728/printer
> 
> Please use CVE-2011-1087
> 
> Thanks.
> 
> --
> JB

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ