|
Message-ID: <20150820145253.GB24832@kronk.local>
Date: Thu, 20 Aug 2015 16:52:53 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: Andrea Barisani <lcars@...rt.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference
On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote:
>
> #2015-009 VLC arbitrary pointer dereference
>
> Description:
>
> The VLC media player is an open source media player and streaming media
> server.
>
> The stable VLC version suffers from an arbitrary pointer dereference
> vulnerability.
>
> The vulnerability affects the 3GP file format parser, insufficient
> restrictions on a writable buffer can be exploited to execute arbitrary code
> via the heap memory. A specific 3GP file can be crafted to trigger the
> vulnerability.
So, is there a reproducer for this issue that you can share?
Thanks
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.