Bug#458318: Three security issues in vlc
Stefan Fritsch
sf at sfritsch.de
Sun Dec 30 10:56:22 UTC 2007
Package: vlc
Version: 0.8.6.c-4
Severity: grave
Tags: security
Justification: user security hole
These pages
http://mailman.videolan.org/pipermail/vlc-devel/2007-December/037726.html
https://trac.videolan.org/vlc/ticket/1371
describe a security issue which allows to write to arbitrary files with
mozilla-plugin-vlc.
According to http://www.securityfocus.com/archive/1/485488/30/0/threaded , there
are two more unfixed security issues in vlc:
A] buffer-overflow in the handling of the subtitles
B] format string in the web interface
AFAIK there are no CVE ids for these issues yet.
More information about the pkg-multimedia-maintainers
mailing list