Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Remi Denis-Courmont
rdenis at simphalempin.com
Sun Oct 19 13:18:56 UTC 2008
Package: vlc-nox
Version: 0.8.6.h-4
Severity: grave
File: libty_plugin
Tags: security
Justification: user security hole
VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
stack-based buffer overflow in the TY (TiVo) file parser.
See also http://www.videolan.org/security/sa0809.html
N.B.: please give me the CVE ID if you allocate one.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.27 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages vlc-nox depends on:
ii liba52-0.7.4 0.7.4-11 library for decoding ATSC A/52 str
ii libasound2 1.0.16-2 ALSA library
ii libavahi-client3 0.6.23-2 Avahi client library
ii libavahi-common3 0.6.23-2 Avahi common library
ii libavc1394-0 0.5.3-1+b1 control IEEE 1394 audio/video devi
ii libavcodec51 0.svn20080206-14 ffmpeg codec library
ii libavformat52 0.svn20080206-14 ffmpeg file format library
ii libavutil49 0.svn20080206-14 ffmpeg utility library
ii libc6 2.7-15 GNU C Library: Shared libraries
ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM
ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst
ii libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta
ii libdvdnav4 4.1.2-3 DVD navigation library
ii libdvdread3 0.9.7-11 library for reading DVDs
ii libebml0 0.7.7-3.1 access library for the EBML format
ii libfaad0 2.6.1-3.1 freeware Advanced Audio Decoder -
ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3.2-1 GCC support library
ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr
ii libgnutls26 2.4.2-1 the GNU TLS library - runtime libr
ii libhal1 0.5.11-5 Hardware Abstraction Layer - share
ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M
ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files
ii liblircclient0 0.8.3-3 infra-red remote control support -
ii libmad0 0.15.1b-3 MPEG audio decoder library
ii libmatroska0 0.8.1-1.1 extensible open standard audio/vid
ii libmodplug0c2 1:0.8.4-2 shared libraries for mod music bas
ii libmpcdec3 1.2.2-1 Musepack (MPC) format library
ii libmpeg2-4 0.4.1-3 MPEG1 and MPEG2 video decoder libr
ii libncurses5 5.6+20081011-1 shared libraries for terminal hand
ii libogg0 1.1.3-4 Ogg Bitstream Library
ii libpng12-0 1.2.27-2 PNG library - runtime
ii libpostproc51 0.svn20080206-14 ffmpeg video postprocessing librar
ii libraw1394-8 1.3.0-4 library for direct access to IEEE
ii libsmbclient 2:3.2.3-3 shared library that allows applica
ii libspeex1 1.2~rc1-1 The Speex codec runtime library
ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3
ii libsysfs2 2.1.0-5 interface library to sysfs
ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec
ii libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar
ii libvcdinfo0 0.7.23-4 library to extract information fro
ii libvlc0 0.8.6.h-4 multimedia player and streamer lib
ii libvorbis0a 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi
ii libxml2 2.6.32.dfsg-4 GNOME XML library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
vlc-nox recommends no packages.
vlc-nox suggests no packages.
-- no debconf information
More information about the pkg-multimedia-maintainers
mailing list