Debian: DSA-1543-1 Critical: VLC Remote Code Execution Issue
debian
April 9, 2008
A buffer overflow vulnerability in subtitle handling allows an
attacker to execute arbitrary code through the opening of a
maliciously crafted MicroDVD, SSA or Vplaye...
Topics Covered
Summary
CVE-2007-6681
A buffer overflow vulnerability in subtitle handling allows an
attacker to execute arbitrary code through the opening of a
maliciously crafted MicroDVD, SSA or Vplayer file.
CVE-2007-6682
A format string vulnerability in the HTTP-based remote control
facility of the vlc application allows a remote, unauthenticated
attacker to execute arbitrary code.
CVE-2007-6683
Insecure argument validation allows a remote attacker to overwrite
arbitrary files writable by the user running vlc, if a maliciously
crafted M3U playlist or MP3 audio file is opened.
CVE-2008-0295, CVE-2008-0296
Heap buffer overflows in RTSP stream and session description
protocol (SDP) handling allow an attacker to execute arbitrary
code if a maliciously-crafted RTSP stream is played.
CVE-2008-0073
Insufficient integer bounds checking in SDP handling allows the
execution of arbitrary code through a maliciously crafted SDP
stream ID paramet...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!