VLC Media Player buffer overflow updated since 03.01.2007
Published:		21.01.2007
Source:		MILW0RM
SecurityVulns ID:		6990
Type:		client
Level:		5/10
Description:		Buffer overflow on oversized udp:// URI during M3U file parsing.

Affected:		XINE : xine 0.99
		VLC : VLC Media Player 0.8
CVE:		CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.)
		CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.)
		CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.)

Original document

MOAB, MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability (21.01.2007)

Files:		Exploits VLC Player for OSX to execute arbitrary code
		Exploits VLC Player for OSX to execute arbitrary code (PPC)
		VLC media player 0.8.6a Denial of Service
Discuss:		Read or add your comments to this news (0 comments)