Debian VLC Update: DSA-1819-1 Critical Local Threats Detected
debian
June 18, 2009
Several vulnerabilities have been discovered in vlc, a multimedia player and streamer
Topics Covered
Summary
Several vulnerabilities have been discovered in vlc, a multimedia player
and streamer. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2008-1768
Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
Real demuxer and Cinepak codec can lead to the execution of arbitrary
code.
CVE-2008-1769
Drew Yao discovered that the Cinepak codec is prone to a memory
corruption, which can be triggered by a crafted Cinepak file.
CVE-2008-1881
Luigi Auriemma discovered that it is possible to execute arbitrary code
via a long subtitle in an SSA file.
CVE-2008-2147
It was discovered that vlc is prone to a search path vulnerability,
which allows local users to perform privilege escalations.
CVE-2008-2430
Alin Rad Pop discovered that it is possible to execute arbitrary code
when opening a WAV file containing a large fmt chunk.
CVE-2008-3794
Pınar ...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!