oss-sec mailing list archives
CVE-2014-6440: Heap Overflow in VLC Transcode Module
From: Bill Blough <devel () blough us>
Date: Wed, 4 Mar 2015 20:45:33 -0500
Executive Summary ----------------- VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to overflow buffers on the heap. With a non-malicious input, this could lead to heap corruption and a crash. However, under the right circumstances, a malicious attacker could potentially use this vulnerability to hijack program execution, and on some platforms, execute arbitrary code. Remediation ----------- Prior to being notified of this issue, the VLC team had already made changes to the 2.2 development branch [0][1][2] that corrects this issue by reinitilizing the filters when a format change is detected. However, the fixes had not yet been backported to the 2.1 maintenance branch. Once notified, the VLC team quickly resolved the issue by backporting the relevant patches to the maintenance branch [3][4][5]. They also added an additional check on both the development[6] and maintenance[7] branches for good measure. CVE-2014-6440 [8] was assigned to this issue. Timeline -------- 2014-04-18: VLC team notified of issue 2014-04-19: Fixed in VLC repository 2014-07-06: VLC 2.1.5 maintenance release A more detailed writeup can be found on my blog [9]. Please note, I am not subscribed to the list, so please CC me if you reply. Bill [0]: http://git.videolan.org/?p=vlc.git;a=commit;h=a3a150b91f09620dc0d81c22db591a20faf4b2a5 [1]: http://git.videolan.org/?p=vlc.git;a=commit;h=39a99d25872f64dacd470fda86ba2193a55cda52 [2]: http://git.videolan.org/?p=vlc.git;a=commit;h=26989ea2d98380eef28843ffa8ca490e8f9d6dae [3]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=28bd6670a26bf88c2523b7302e2c22f8ca210bb7 [4]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=feca6658b4b84b4bc8b7a08431e811813277d31b [5]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=e40a4a1a54be2b69e4e001451f0dd91f3857a976 [6]: http://git.videolan.org/?p=vlc.git;a=commit;h=a113b849e428b71813a569021bd10d6974f6621f [7]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=a5bee4c5cf0c8fca0d1ddaf570aeebc78e824b15 [8]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440 [9]: http://billblough.net/blog/2015-03-04-cve-2014-6440-heap-overflow-in-vlc-transcode-module
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE-2014-6440: Heap Overflow in VLC Transcode Module Bill Blough (Mar 04)