From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200803-13.xml | 100 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 glsa-200803-13.xml (limited to 'glsa-200803-13.xml') diff --git a/glsa-200803-13.xml b/glsa-200803-13.xml new file mode 100644 index 00000000..fc2d50b9 --- /dev/null +++ b/glsa-200803-13.xml @@ -0,0 +1,100 @@ + + + + + + + VLC: Multiple vulnerabilities + + Multiple vulnerabilities were found in VLC, allowing for the execution of + arbitrary code and Denial of Service. + + vlc + March 07, 2008 + March 07, 2008: 01 + 203345 + 211575 + 205299 + remote + + + 0.8.6e + 0.8.6e + + + +

+ VLC is a cross-platform media player and streaming server. +

+ + +

+ Multiple vulnerabilities were found in VLC: +

+
    +
  • Michal Luczaj + and Luigi Auriemma reported that VLC contains boundary errors when + handling subtitles in the ParseMicroDvd(), ParseSSA(), and + ParseVplayer() functions in the modules/demux/subtitle.c file, allowing + for a stack-based buffer overflow (CVE-2007-6681).
    • +
  • The web + interface listening on port 8080/tcp contains a format string error in + the httpd_FileCallBack() function in the network/httpd.c file + (CVE-2007-6682).
    • +
  • The browser plugin possibly contains an + argument injection vulnerability (CVE-2007-6683).
    • +
  • The RSTP + module triggers a NULL pointer dereference when processing a request + without a "Transport" parameter (CVE-2007-6684).
    • +
  • Luigi + Auriemma and Remi Denis-Courmont found a boundary error in the + modules/access/rtsp/real_sdpplin.c file when processing SDP data for + RTSP sessions (CVE-2008-0295) and a vulnerability in the + libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a + heap-based buffer overflow.
    • +
  • Felipe Manzano and Anibal Sacco + (Core Security Technologies) discovered an arbitrary memory overwrite + vulnerability in VLC's MPEG-4 file format parser (CVE-2008-0984).
    • +
+ + +

+ A remote attacker could send a long subtitle in a file that a user is + enticed to open, a specially crafted MP4 input file, long SDP data, or + a specially crafted HTTP request with a "Connection" header value + containing format specifiers, possibly resulting in the remote + execution of arbitrary code. Also, a Denial of Service could be caused + and arbitrary files could be overwritten via the "demuxdump-file" + option in a filename in a playlist or via an EXTVLCOPT statement in an + MP3 file. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6e" + + + CVE-2007-6681 + CVE-2007-6682 + CVE-2007-6683 + CVE-2007-6684 + CVE-2008-0295 + CVE-2008-0296 + CVE-2008-0984 + + + keytoaster + + + p-y + + -- cgit v1.2.3-65-gdbad