Bug#522170: vlc: CVE-2009-1045 denial of service if web user interface is used

Christophe Mutricy xtophe at chewa.net
Wed Apr 1 19:29:05 UTC 2009

tags 522170 - security
tags 522170 + fixed-upstream
severity 522170 normal

Le Wed 01 Apr 09 à 13:17 +0200, Nico Golde a écrit :
> CVE-2009-1045[0]:
> | requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
> | denial of service (stack consumption and crash) via a long input
> | argument in an in_play action.

This is not a security issue. Because if you have access to the html
interface and want to DoS vlc, you'd quicker to click on the "Close"

Anyway it's fixed in 0.9.9 which i am packaging atm.


More information about the pkg-multimedia-maintainers mailing list