

VLC Media Player buffer overflow
updated since 03.01.2007
Published: 21.01.2007
Source:
SecurityVulns ID: 6990
Type: client
Threat Level: 5/10
Description: Buffer overflow on oversized udp:// URI during M3U file parsing.
Affected: XINE : xine 0.99
 VLC : VLC Media Player 0.8
CVE: CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.)
 CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.)
 CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.)
Original document: MOAB, MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability (21.01.2007)
Files: Exploits VLC Player for OSX to execute arbitrary code
 Exploits VLC Player for OSX to execute arbitrary code (PPC)
 VLC media player 0.8.6a Denial of Service

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod