Bug#497894: vlc: CVE-2008-3732 Integer overflow in the Open function in modules/demux/tta.c
Bernard Massot
bmassot at free.fr
Fri Sep 5 08:03:14 UTC 2008
Package: vlc
Version: 0.8.6.h-4
Severity: grave
Tags: security
Justification: user security hole
When parsing the header of an invalid TTA file, an integer overflow might
happen causing an heap-based buffer overflow.
When parsing a response from an MMS server, an integer overflow might happen
causing a stack-based buffer overflow.
See http://www.videolan.org/security/sa0807.html .
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages vlc depends on:
ii libaa1 1.4p5-37+b1 ascii art library
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libavcodec51 0.svn20080206-12 ffmpeg codec library
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libcaca0 0.99.beta14-1 colour ASCII art library
ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra
ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM
ii libcucul0 0.99.beta14-1 low-level Unicode character drawin
ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst
ii libdbus-glib-1-2 0.76-1 simple interprocess messaging syst
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libfribidi0 0.10.9-1 Free Implementation of the Unicode
ii libgcc1 1:4.3.1-9 GCC support library
ii libgl1-mesa-glx [libgl 7.0.3-5 A free implementation of the OpenG
ii libglib2.0-0 2.16.5-1 The GLib library of C routines
ii libglu1-mesa [libglu1] 7.0.3-5 The OpenGL utility library (GLU)
ii libgtk2.0-0 2.12.11-3 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libnotify1 [libnotify1 0.4.4-3 sends desktop notifications to a n
ii libpango1.0-0 1.20.5-2 Layout and rendering of internatio
ii libpng12-0 1.2.27-1 PNG library - runtime
ii libsdl-image1.2 1.2.6-3 image loading library for Simple D
ii libsdl1.2debian 1.2.13-2 Simple DirectMedia Layer
ii libsm6 2:1.0.3-2 X11 Session Management library
ii libstdc++6 4.3.1-9 The GNU Standard C++ Library v3
ii libtar 1.2.11-5 C library for manipulating tar arc
ii libtiff4 3.8.2-11 Tag Image File Format (TIFF) libra
ii libvcdinfo0 0.7.23-4 library to extract information fro
ii libvlc0 0.8.6.h-4 multimedia player and streamer lib
ii libwxbase2.6-0 2.6.3.2.2-2 wxBase library (runtime) - non-GUI
ii libwxgtk2.6-0 2.6.3.2.2-2 wxWidgets Cross-platform C++ GUI t
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxinerama1 2:1.0.3-2 X11 Xinerama extension library
ii libxosd2 2.2.14-1.6 X On-Screen Display library - runt
ii libxv1 2:1.0.4-1 X11 Video extension library
ii ttf-dejavu-core 2.25-3 Vera font family derivate with add
ii vlc-nox 0.8.6.h-4 multimedia player and streamer (wi
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
vlc recommends no packages.
Versions of packages vlc suggests:
pn mozilla-plugin-vlc <none> (no description available)
pn videolan-doc <none> (no description available)
-- no debconf information
More information about the pkg-multimedia-maintainers
mailing list