From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Dec 2 01:40:01 2008
Message-Id: <200812020135.mB21ZH0h093496@www.freebsd.org>
Date: Tue, 2 Dec 2008 01:35:17 GMT
From: "Joseph S. Atkinson"
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/129356: Document CVE-2008-5276 for multimedia/vlc-devel
List-Id: Ports bug reports

>Number: 129356
>Category: ports
>Synopsis: Document CVE-2008-5276 for multimedia/vlc-devel
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 02 01:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Joseph S. Atkinson
>Release:
>Organization:
>Environment:
>Description:
This is an attempt to document CVE-2008-5276 for multimedia/vlc-devel in which a specially crafted Real Media (.rm) file can potentially be used to create a heap overflow. This is my first attempt at a vulnxml entry, so be gentle. Constructive criticism welcomed.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:

Real Media integer overflow might trigger heap-based buffer overflow in vlc-devel

Affected package: vlc-devel
Version range bounds: 0.9.*,2 and 0.9.8,3

Tobias Klein (tk@trapkit.de) identified:

The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia (.rm) files. The vulnerability leads to a heap overflow that can be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.

The VideoLAN Security Advisory 0811 entry states:

When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflows.

References:
ports/129355
CVE-2008-5276
http://www.trapkit.de/advisories/TKADV2008-013.txt
http://www.videolan.org/security/sa0811.html

Dates: 2008-11-14, 2008-12-01

>Release-Note:
>Audit-Trail:
>Unformatted: