Date: Sun, 30 Nov 2008 00:12:44 +0300 (MSK)
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc: freebsd-vuxml@freebsd.org
Subject: [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
Message-ID: <20081129211244.505D817115@amnesiac.at.no.dns>

>Submitter-Id:  current-users
>Originator:    Eygene Ryabinkin
>Organization:  Code Labs
>Confidential:  no
>Synopsis:      [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
>Severity:      non-critical
>Priority:      medium
>Category:      ports
>Class:         sw-bug
>Release:       FreeBSD 7.1-PRERELEASE amd64
>Environment:

System: FreeBSD 7.1-PRERELEASE amd64

>Description:

Multiple overflows were discovered in the TiVo demuxer within the VLC
player.

>How-To-Repeat:

Look at http://www.openwall.com/lists/oss-security/2008/10/22/2

>Fix:

The following VuXML entry should be evaluated and added:

--- vuln.xml begins here ---
  <vuln vid="">
    <topic>vlc-devel -- multiple overflows in the TiVo demux plugin</topic>
    <affects>
      <package>
        <name>vlc-devel</name>
        <range><ge>0.9.0.20080223</ge><lt>0.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Tobias Klein from TrapKit notifies:</p>
        <blockquote cite="http://www.trapkit.de/advisories/TKADV2008-010.txt">
          <p>The VLC media player contains a stack overflow
            vulnerability while parsing malformed TiVo ty media
            files.  The vulnerability can be trivially exploited by a
            (remote) attacker to execute arbitrary code in the context
            of VLC media player.</p>
        </blockquote>
        <p>Entry for CVE-2008-4686 says:</p>
        <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4686">
          <p>Multiple integer overflows in ty.c in the TY demux plugin
            (aka the TiVo demuxer) in VideoLAN VLC media player,
            probably 0.9.4, allow remote attackers to have an unknown
            impact via a crafted .ty file, a different vulnerability
            than CVE-2008-4654.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.trapkit.de/advisories/TKADV2008-010.txt</url>
      <cvename>CVE-2008-4654</cvename>
      <bid>31813</bid>
      <cvename>CVE-2008-4686</cvename>
    </references>
    <dates>
      <discovery>2008-10-18</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

I had traced the vulnerable code down to the 0.9.0.20080223: older
snapshots have no such code as referenced in the commits

  http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/ty.c;h=f7d42bc4f8edc9890fec96a4933100f114f1258d;hp=231fddabf8a53136040e7e3f5d0202d0539c8a93;hb=fde9e1cc1fe1ec9635169fa071e42b3aa6436033;hpb=b63538354a6a49ae5a878edd37221480cb7850f5
  http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3
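
An added example, not part of the original message and not FreeBSD's own tooling: a small check of which vlc-devel versions the proposed `<range>` actually covers. It assumes plain dotted-integer versions (no port revisions or epochs); the helper names `vkey` and `is_affected` are hypothetical.

```python
import xml.etree.ElementTree as ET

# The <affects> part of the entry from the message above (description omitted).
ENTRY = """
<vuln vid="">
  <topic>vlc-devel -- multiple overflows in the TiVo demux plugin</topic>
  <affects>
    <package>
      <name>vlc-devel</name>
      <range><ge>0.9.0.20080223</ge><lt>0.9.5</lt></range>
    </package>
  </affects>
</vuln>
"""

# Assumption: versions are dotted integers, so tuple comparison is enough.
# Real port versions can carry _N revisions and ,N epochs, ignored here.
def vkey(version):
    return tuple(int(part) for part in version.split("."))

# The five bound elements VuXML allows inside <range>.
OPS = {
    "lt": lambda v, b: v < b,
    "le": lambda v, b: v <= b,
    "eq": lambda v, b: v == b,
    "ge": lambda v, b: v >= b,
    "gt": lambda v, b: v > b,
}

def is_affected(entry_xml, name, version):
    """Return True if name-version falls inside any <range> of the entry."""
    root = ET.fromstring(entry_xml)
    installed = vkey(version)
    for pkg in root.iter("package"):
        if name not in [n.text for n in pkg.findall("name")]:
            continue
        for rng in pkg.findall("range"):
            # All bounds of one <range> must hold; separate ranges are alternatives.
            if all(OPS[b.tag](installed, vkey(b.text)) for b in rng):
                return True
    return False

if __name__ == "__main__":
    # Constructed sample versions around both bounds of the range.
    for v in ("0.9.0.20080110", "0.9.0.20080223", "0.9.4", "0.9.5"):
        print(v, is_affected(ENTRY, "vlc-devel", v))
```
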