Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19429
HistoryMar 17, 2008 - 12:00 a.m.

VLC highlander bug

2008-03-1700:00:00
vulners.com
73
JSON

The old buffer-overflow in the subtitles handled by VLC has not been
fully patched in version 0.8.6e, in fact buffer_text2 in ParseSSA is
still unchecked:

if( sscanf( s,
  "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]",
  buffer_text2,

The funny thing is that my old proof-of-concept was built just to test
this specific buffer-overflow and in fact it works on the new VLC version
too without modifications 8-)

Instead the SVN version was and is patched from 10 months as I wrote in
my old advisory:

http://aluigi.org/adv/vlcboffs-adv.txt

Luigi Auriemma
http://aluigi.org

JSON