Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20160527171903.64AA8332023@smtpvbsrv1.mitre.org>
Date: Fri, 27 May 2016 13:19:03 -0400 (EDT)
From: cve-assign@...re.org
To: blinken@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: VLC - crash and potential code execution when processing QuickTime IMA files

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> it does not check
> that the number of channels in the input stream is less than or equal
> to the size of the buffer, resulting in an out-of-bounds write
> 
> potential for remote code execution via a malicious media file.

Use CVE-2016-5108.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXSIEeAAoJEHb/MwWLVhi2ER4QAK5kLAexK+KFPLs35LdTwYvu
YCcFcWZylzAhEXB8ukMGCrEikoXgZe5frYun/wRwmkKOauwyzGfH7kqzTEMq9cgs
ky43QVe7iSyVcsmi+jr+B2KUOq7vtTBaEhe2RR5PYG8vvseUYRO1rXiwMy7BTsSM
SwskbnIQ8IHg6RdIQ+XTnI0zOWqXmU+YT3H0P3QyqXa/2katuUAADN5/orDQSvfn
gmoh82VJc1tIJKckbEl2ivURfVPdVzb86Ng7ReJChR+YDx+MfZ9kcLZYH3982+9s
OrpGCR0NJlMurP7FWBwekrd/bgnYXXZJpiEg6Ygg39X+8TSbRNHrycfSnHj5D2At
GBcm6wdHWPROYHlQeeFng/wyxZC8qEP9LKIEQr8ypcEQT4UhJ9rQej0TTSHfXNiG
UXG3jhIHCJJEBhQQX92XrR9CYwbn3MCmrT4CE4OCKO+088w3uHPxiVMUc6T6U2Pq
ZElZ9kOLQposZe6ItuhHmPa9hOVzWpReeBZduPOdzW1PMDhfanUah7AEvp1eKn2d
waA9CBhNH/4cxwMSlZUYGjx6SB9jaTkmYYk8HmcEW40nlDlfn8RrPiSrsMZfQZHT
kO1ohrVDquQhoMycRu3GVaB9nGs+RGGfYD/XzsFSC+jb0PPuFKozdlHHonT5CP66
vq0r06z1IrJDK0Nye6Re
=ky5Z
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.