Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Rémi Denis-Courmont
rdenis at simphalempin.com
Sun Oct 19 16:48:08 UTC 2008
tags 502726 + experimental
thanks
Le dimanche 19 octobre 2008 19:35:25 Nico Golde, vous avez écrit :
> > See also http://www.videolan.org/security/sa0809.html
>
> Are you sure that 0.8.6.h-4 in unstable is affected?
> Looking at
> http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a
>363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
> the overflow happens because of the integer conversion in 8
> + i_map_size or if i_map_size + 8 exceeds mst_buf.
> I had a look at the code in 0.8.6.h-4 and didn't see
> something similar. Only static size reads with correct
> sizes.
>
> Can you confirm that this does not affect 0.8.6.h-4 and if
> not, what do I miss?
Probably so. Unfortunately, I have no samples.
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the pkg-multimedia-maintainers
mailing list