ports/129356: Document CVE-2008-5276 for multimedia/vlc-devel

Joseph S. Atkinson jsa at wickedmachine.net
Tue Dec 2 01:40:01 UTC 2008 

>Number:         129356
>Category:       ports
>Synopsis:       Document CVE-2008-5276 for multimedia/vlc-devel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 02 01:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Joseph S. Atkinson
>Release:        
>Organization:
>Environment:
>Description:
This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow.

This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

<vuln vid="1972d685-c010-11dd-a69e-000d8825e644">
	<topic>Real Media integer overflow might trigger heap-based buffer overflow in vlc-devel</topic>
		<affects>
			<package>
				<name>vlc-devel</name>
				<range><gt>0.9.*,2</gt><lt>0.9.8,3</lt></range>
			</package>
		</affects>
		<description>
			<body xmlns="http://www.w3.org/1999/xhtml">
				<p>Tobias Klein (tk at trapkit.de) identified:</p>
				<blockquote cite="http://www.trapkit.de/advisories/TKADV2008-013.txt">
					<p>The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.</p>
				</blockquote>
				<p>The VideoLAN Security Advisory 0811 entry states:</p>
				<blockquote cite="http://www.videolan.org/security/sa0811.html">
					<p>When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.</p>
 				</blockquote>
			</body>
		</description>
	<references>
	    	<freebsdpr>ports/129355</freebsdpr>
	    	<cvename>CVE-2008-5276</cvename>
		<url>http://www.trapkit.de/advisories/TKADV2008-013.txt</url>
		<url>http://www.videolan.org/security/sa0811.html</url>
	</references>
	<dates>
		<discovery>2008-11-14</discovery>
		<entry>2008-12-01</entry>
	</dates>
 </vuln>


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list