[Bug 285922] Re: vlc: buffer overflow in TY demux

Launchpad Bug Tracker 285922 at bugs.launchpad.net
Thu Jul 2 17:11:50 UTC 2009


This bug was fixed in the package vlc - 0.9.4-1ubuntu3.2

---------------
vlc (0.9.4-1ubuntu3.2) intrepid-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via stack-based overflow in
    the Ty demux plugin (LP: #285922)
    - debian/patches/901_CVE-2008-4654.patch: don't overflow mst_buf in
      modules/demux/ty.c
    - CVE-2008-4654
  * SECURITY UPDATE: Arbitrary code execution via integer overflows in
    the Ty demux plugin (LP: #285922)
    - debian/patches/902_CVE-2008-4686.patch: make some variables unsigned
      in modules/demux/ty.c so they don't overflow.
    - CVE-2008-4686
  * SECURITY UPDATE: Arbitrary code execution via stack-based buffer
    overflow via invalid RealText subtitle file.
    - debian/patches/903_CVE-2008-5036.patch: limit sscanf sizes in
      modules/demux/subtitle.c
    - CVE-2008-5036
  * SECURITY UPDATE: Arbitrary code execution via heap-based buffer
    overflow via malformed RealMedia file.
    - debian/patches/904_CVE-2008-5276.patch: replace malloc with calloc in
      modules/demux/real.c
    - CVE-2008-5276
  * SECURITY UPDATE: Denial of service via long input argument.
    - debian/patches/905_CVE-2009-1045.patch: make sure we can't overflow
      psz_dup in src/input/input.c
    - CVE-2009-1045

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>   Sun, 28 Jun 2009 12:13:15 -0400

** Changed in: vlc (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5036

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5276

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1045

-- 
vlc: buffer overflow in TY demux
https://bugs.launchpad.net/bugs/285922