VLC: User-assisted execution of arbitrary code — GLSA 200804-25

Multiple vulnerabilities were found in VLC, allowing for the execution of arbitrary code.

Affected packages

Background

VLC is a cross-platform media player and streaming server.

Description

Multiple vulnerabilities were found in VLC:

• Luigi Auriemma discovered that the stack-based buffer overflow when reading subtitles, which has been reported as CVE-2007-6681 in GLSA 200803-13, was not properly fixed (CVE-2008-1881).
• Alin Rad Pop of Secunia reported an array indexing vulnerability in the sdpplin_parse() function when processing streams from RTSP servers in Xine code, which is also used in VLC (CVE-2008-0073).
• Drew Yao and Nico Golde reported an integer overflow in the MP4_ReadBox_rdrf() function in the file libmp4.c leading to a heap-based buffer overflow when reading MP4 files (CVE-2008-1489).
• Drew Yao also reported integer overflows in the MP4 demuxer, the Real demuxer and in the Cinepak codec, which might lead to buffer overflows (CVE-2008-1768).
• Drew Yao finally discovered and a boundary error in Cinepak, which might lead to memory corruption (CVE-2008-1769).

Impact

A remote attacker could entice a user to open a specially crafted media file or stream, possibly resulting in the remote execution of arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f"

References

• CVE-2007-6681
• CVE-2008-0073
• CVE-2008-1489
• CVE-2008-1768
• CVE-2008-1769
• CVE-2008-1881
• GLSA 200803-13

Release date
April 23, 2008

Latest revision
April 23, 2008: 01

Severity
normal

Exploitable
remote

Bugzilla entries

• 214277
• 214627