oss-sec mailing list archives
Re: CVE id request: vlc
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 10 Nov 2008 13:05:23 -0500 (EST)
====================================================== Name: CVE-2008-5032 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032 Reference: MLIST:[oss-security] 20081105 CVE id request: vlc Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/5 Reference: MLIST:[oss-security] 20081105 VideoLAN security advisory 0810 Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/05/4 Reference: MISC:http://www.trapkit.de/advisories/TKADV2008-011.txt Reference: MISC:http://www.trapkit.de/advisories/TKADV2008-012.txt Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=5f63f1562d43f32331006c2c1a61742de031b84d Reference: CONFIRM:http://git.videolan.org/?p=vlc.git;a=commitdiff;h=e3cef651125701a2e33a8d75b815b3e39681a447 Reference: CONFIRM:http://www.videolan.org/security/sa0810.html Multiple stack-based buffer overflows in VideoLAN VLC media player 0.5.0 through 0.9.5 allow user-assisted attackers to execute arbitrary code via (1) the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c; or (2) an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c.
Current thread:
- CVE id request: vlc Nico Golde (Oct 14)
- Re: CVE id request: vlc Steven M. Christey (Oct 14)
- <Possible follow-ups>
- CVE id request: vlc Nico Golde (Oct 19)
- Re: CVE id request: vlc Steven M. Christey (Oct 22)
- Re: CVE id request: vlc Nico Golde (Oct 22)
- Re: CVE id request: vlc Steven M. Christey (Oct 22)
- CVE id request: vlc Nico Golde (Nov 05)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)
- Re: CVE id request: vlc Nico Golde (Nov 10)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)
- Re: CVE id request: vlc RĂ©mi Denis-Courmont (Nov 11)
- Re: CVE id request: vlc Steven M. Christey (Nov 11)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)