Security problem with VLC media player (upgrade to version 0.9.8a recommended)
Bug #305100 reported by
Bartosz Kosiorek
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vlc (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: vlc
When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.
Impact
If successful, a malicious third party could trigger execution of arbitrary code within the context of the VLC media player.
VLC media player 0.9.8a addresses this issue. Patches for older versions are available from the official VLC source code repository 0.9-bugfix branch.
The details of this bug is available at:
http://
The source code of the VLC 0.9.8a is located at:
http://
Related branches
lp:~motumedia/vlc/ubuntu
- VCS imports: Pending requested
CVE References
To post a comment you must log in.
Thank you for your bug report.