Date: Thu, 3 Mar 2011 15:31:59 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: VLC bookmark buffer overflow Argh, this should have gotten a 2010 ID. Steve, does MITRE want to reassign, or just leave it as is? Thanks. -- JB ----- Original Message ----- > ----- Original Message ----- > > Can I get CVE-identifier for this issue: > > > > "VLC media player is vulnerable to a buffer overflow attack when > > processing .mp3 file and its metadata. It fails to perform boundry > > checks when creating a bookmark from the malicious media file > > playing, > > resulting in a crash, overwriting ECX register. While the evil .mp3 > > is > > playing, you go Playback > Bookmarks > Manage bookmarks > Create." > > > > References: > > http://osvdb.org/show/osvdb/62728/printer > > Please use CVE-2011-1087 > > Thanks. > > -- > JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ