Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-1045

requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.

Related bugs and status

CVE-2009-1045 (Candidate) is related to these bugs:

Bug #285922: vlc: buffer overflow in TY demux

Summary				In	Importance	Status
	285922	vlc: buffer overflow in TY demux		vlc (Ubuntu)	Undecided	Fix Released
	285922	vlc: buffer overflow in TY demux		vlc (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009031...
MISC: http://bugs.gentoo.org...
BID: 34126
XF: vlcmediaplayer-web-sta...
EXPLOIT-DB: 8213
OVAL: oval:org.mitre.oval:de...