Ubuntu
vlc package

vlc: RealMedia demuxer integer overflow

Bug #807486 reported by Rémi Denis-Courmont
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
VLC media player
Fix Released
Critical
Rémi Denis-Courmont
VLC media player 1.1.11
vlc (Debian)
Fix Released
Unknown
vlc (Ubuntu)
Fix Released
Undecided
Unassigned
Maverick
Fix Released
Undecided
Unassigned
Natty
Fix Released
Undecided
Unassigned

Bug Description

An integer overflow error when handling the "frame_size" and
"sub_packet_h" fields within the RealAudio data block (DemuxAudioSipr() in
modules/demux/real.c) in RealMedia (RM) files can be exploited to cause a
heap-based buffer overflow.

Rémi Denis-Courmont (rdenis)
Changed in vlc:
assignee: nobody → Rémi Denis-Courmont (rdenis)
importance: Undecided → Critical
status: New → Confirmed
Changed in vlc (Ubuntu):
status: New → Confirmed
Changed in vlc:
milestone: none → 1.1.11
Revision history for this message
Rémi Denis-Courmont (rdenis) wrote :
Changed in vlc:
status: Confirmed → Fix Committed
tags: added: patch-forwarded-upstream
Rémi Denis-Courmont (rdenis)
tags: added: patch-accepted-upstream
removed: patch-forwarded-upstream
visibility: private → public
Changed in vlc:
status: Fix Committed → Won't Fix
status: Won't Fix → Fix Released
Rémi Denis-Courmont (rdenis)
summary: - vlc: CVE-2011-2587 RealMedia demuxer integer overflow
+ vlc: RealMedia demuxer integer overflow
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.11-1ubuntu1

---------------
vlc (1.1.11-1ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - build and install the libx264 plugin

vlc (1.1.11-1) unstable; urgency=high

  * New upstream release.
    - Fix heap overflow in RealMedia plugin (Closes: #633674, LP: #807486)
    - Fix heap overflow in AVI plugin (Closes: #633675, LP: #807488)
  * Call dh_autoreconf with --as-needed and drop 052_as-needed.patch.
  * Drop backported patches.
  * Drop libschroedinger weaken patch (upstream weakened it to 1.0.6).
  * Refresh remaining patches.
 -- Benjamin Drung <email address hidden> Mon, 18 Jul 2011 11:40:18 +0200

Changed in vlc (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.9-1ubuntu1.3

---------------
vlc (1.1.9-1ubuntu1.3) natty-security; urgency=low

  * SECURITY UPDATE: Heap overflow in RealMedia demuxer (LP: #807486)
    - debian/patches/CVE-2011-2587.patch: real: fix heap buffer overflow,
      thanks to Rémi Denis-Courmont
    - CVE-2011-2587
    - VideoLAN-SA-1105
  * SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488)
    - debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow,
      thanks to Rémi Denis-Courmont
    - CVE-2011-2588
    - VideoLAN-SA-1106
 -- Benjamin Drung <email address hidden> Mon, 18 Jul 2011 15:48:36 +0200

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.4-1ubuntu1.7

---------------
vlc (1.1.4-1ubuntu1.7) maverick-security; urgency=low

  * SECURITY UPDATE: Heap overflow in RealMedia demuxer (LP: #807486)
    - debian/patches/CVE-2011-2587.patch: real: fix heap buffer overflow,
      thanks to Rémi Denis-Courmont
    - CVE-2011-2587
    - VideoLAN-SA-1105
  * SECURITY UPDATE: Heap overflow in AVI demuxer (LP: #807488)
    - debian/patches/CVE-2011-2588.patch: AVI: fix heap buffer overflow,
      thanks to Rémi Denis-Courmont
    - CVE-2011-2588
    - VideoLAN-SA-1106
 -- Benjamin Drung <email address hidden> Mon, 18 Jul 2011 16:10:28 +0200

Changed in vlc (Ubuntu Maverick):
status: New → Fix Released
Changed in vlc (Ubuntu Natty):
status: New → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in vlc (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.