Date: Tue, 2 Dec 2008 01:35:17 GMT From: "Joseph S. Atkinson" <jsa@wickedmachine.net> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/129356: Document CVE-2008-5276 for multimedia/vlc-devel Message-ID: <200812020135.mB21ZH0h093496@www.freebsd.org> Resent-Message-ID: <200812020140.mB21e1K1016726@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 129356 >Category: ports >Synopsis: Document CVE-2008-5276 for multimedia/vlc-devel >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Dec 02 01:40:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Joseph S. Atkinson >Release: >Organization: >Environment: >Description: This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow. This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed. >How-To-Repeat: >Fix: Patch attached with submission follows: <vuln vid="1972d685-c010-11dd-a69e-000d8825e644"> <topic>Real Media integer overflow might trigger heap-based buffer overflow in vlc-devel</topic> <affects> <package> <name>vlc-devel</name> <range><gt>0.9.*,2</gt><lt>0.9.8,3</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>Tobias Klein (tk@trapkit.de) identified:</p> <blockquote cite="http://www.trapkit.de/advisories/TKADV2008-013.txt">; <p>The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.</p> </blockquote> <p>The VideoLAN Security Advisory 0811 entry states:</p> <blockquote cite="http://www.videolan.org/security/sa0811.html">; <p>When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.</p> </blockquote> </body> </description> <references> <freebsdpr>ports/129355</freebsdpr> <cvename>CVE-2008-5276</cvename> <url>http://www.trapkit.de/advisories/TKADV2008-013.txt</url>; <url>http://www.videolan.org/security/sa0811.html</url>; </references> <dates> <discovery>2008-11-14</discovery> <entry>2008-12-01</entry> </dates> </vuln> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812020135.mB21ZH0h093496>