ports/129356: Document CVE-2008-5276 for multimedia/vlc-devel
Joseph S. Atkinson
jsa at wickedmachine.net
Tue Dec 2 01:40:01 UTC 2008
>Number: 129356
>Category: ports
>Synopsis: Document CVE-2008-5276 for multimedia/vlc-devel
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 02 01:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Joseph S. Atkinson
>Release:
>Organization:
>Environment:
>Description:
This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow.
This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
<vuln vid="1972d685-c010-11dd-a69e-000d8825e644">
<topic>Real Media integer overflow might trigger heap-based buffer overflow in vlc-devel</topic>
<affects>
<package>
<name>vlc-devel</name>
<range><gt>0.9.*,2</gt><lt>0.9.8,3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tobias Klein (tk at trapkit.de) identified:</p>
<blockquote cite="http://www.trapkit.de/advisories/TKADV2008-013.txt">
<p>The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.</p>
</blockquote>
<p>The VideoLAN Security Advisory 0811 entry states:</p>
<blockquote cite="http://www.videolan.org/security/sa0811.html">
<p>When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.</p>
</blockquote>
</body>
</description>
<references>
<freebsdpr>ports/129355</freebsdpr>
<cvename>CVE-2008-5276</cvename>
<url>http://www.trapkit.de/advisories/TKADV2008-013.txt</url>
<url>http://www.videolan.org/security/sa0811.html</url>
</references>
<dates>
<discovery>2008-11-14</discovery>
<entry>2008-12-01</entry>
</dates>
</vuln>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list