Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-1881

Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.

Related bugs and status

CVE-2008-1881 (Candidate) is related to these bugs:

Bug #238873: vlc in Hardy needs a security update

		In	Importance	Status
238873	vlc in Hardy needs a security update	vlc (Ubuntu)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Dapper)	Undecided	Invalid
238873	vlc in Hardy needs a security update	vlc (Ubuntu Feisty)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Intrepid)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20080317 VLC highlande...
MISC: http://aluigi.org/adv/...
CONFIRM: http://wiki.videolan.o...
GENTOO: GLSA-200804-25
SECUNIA: 29800
BID: 28274
MISC: http://aluigi.altervis...
SECUNIA: 28233
BID: 28251
XF: vlc-parsessa-bo(41936)
XF: vlcmediaplayer-subtitl...
EXPLOIT-DB: 5250
OVAL: oval:org.mitre.oval:de...