Bug 395543 (CVE-2012-0023) - <media-video/vlc-1.1.13 "get_chunk_header()" Double-Free Vulnerability (CVE-2012-0023)
Summary: <media-video/vlc-1.1.13 "get_chunk_header()" Double-Free Vulnerability (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2012-0023
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/47325/
Whiteboard: B2 [glsa]
Keywords:
Duplicates: 397553
Depends on:
Blocks:
 
Reported: 2011-12-21 13:42 UTC by Agostino Sarubbo
Modified: 2014-11-05 22:09 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2011-12-21 13:42:24 UTC
From secunia security advisory at $URL:

Description:
The vulnerability is caused due to a double-free error within the "get_chunk_header()" function (modules/demux/ty.c) of the TiVo demuxer and can be exploited to corrupt memory by e.g. tricking a user into opening a specially crafted TiVo (*.ty) file.

The vulnerability is reported in versions 0.9.0 through 1.1.12.


Solution:
Update to version 1.1.13
Comment 1 Agostino Sarubbo gentoo-dev 2011-12-21 13:45:34 UTC
@Alexis, can you tell me if ty.c is compiled as default gentoo configuration or with a specific?
Comment 2 Alexis Ballier gentoo-dev 2011-12-21 14:26:42 UTC
(In reply to comment #1)
> @Alexis, can you tell me if ty.c is compiled as default gentoo configuration or
> with a specific?

yes, it's built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.


feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)
Comment 3 Agostino Sarubbo gentoo-dev 2011-12-21 14:32:27 UTC
(In reply to comment #2)
> yes, it's built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.
> 
> 
> feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)

Sure, thanks

Arches, please test and mark stable:
=media-video/vlc-1.1.13
Target keywords : "alpha amd64 ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-12-21 16:59:13 UTC
x86/amd64 stable
Comment 5 Mark Loeser (RETIRED) gentoo-dev 2011-12-27 17:17:11 UTC
ppc/ppc64 done
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2012-01-01 15:21:40 UTC
alpha/sparc stable
Comment 7 Agostino Sarubbo gentoo-dev 2012-01-01 16:18:23 UTC
Thanks everyone. Added to existing glsa draft.
Comment 8 Michael Harrison 2012-01-03 23:42:36 UTC
*** Bug 397553 has been marked as a duplicate of this bug. ***
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-10-29 18:28:33 UTC
CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231):
  Double free vulnerability in the get_chunk_header function in
  modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a crafted TiVo (TY) file.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-11-01 22:31:39 UTC
CVE-2012-0023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0023):
  Double free vulnerability in the get_chunk_header function in
  modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows
  remote attackers to cause a denial of service (crash) and possibly execute
  arbitrary code via a crafted TiVo (TY) file.

CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231):
  ** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2012-0023. 
  Reason: This candidate is a duplicate of CVE-2012-0023.  Notes: All CVE
  users should reference CVE-2012-0023 instead of this candidate.  All
  references and descriptions in this candidate have been removed to prevent
  accidental usage.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-11-05 22:09:16 UTC
This issue was resolved and addressed in
 GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml
by GLSA coordinator Sean Amoss (ackle).
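
Added example, not part of the bug report or of Gentoo's tooling: a shell triage that applies the advisory's affected range (0.9.0 through 1.1.12, fixed in 1.1.13) and checks for the TiVo demux plugin at the location given in comment 2. The function names are hypothetical, and taking the installed version as an argument (rather than querying the package manager) is an assumption.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2012-0023 (VLC TiVo demuxer).
# Range and fixed version are from the advisory quoted in this bug;
# all function names are hypothetical.
FIRST_AFFECTED=0.9.0
FIRST_FIXED=1.1.13

# ver_lt A B: succeed if dotted version A sorts strictly before B.
# A Gentoo revision suffix (-r1) and non-digit tails are ignored.
ver_lt() {
    a=${1%%-*}; b=${2%%-*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # keep leading digits only
        x=${x:-0}; y=${y:-0}               # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# vlc_affected VERSION: succeed if VERSION is in 0.9.0 through 1.1.12.
vlc_affected() {
    ! ver_lt "$1" "$FIRST_AFFECTED" && ver_lt "$1" "$FIRST_FIXED"
}

# ty_plugin_present ROOT: succeed if libty_plugin.so exists under
# ROOT/usr/lib*/vlc/plugins/demux (the path reported in comment 2).
ty_plugin_present() {
    for f in "$1"/usr/lib*/vlc/plugins/demux/libty_plugin.so; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# triage VERSION [ROOT]: print one verdict word.
triage() {
    if ! vlc_affected "$1"; then
        echo "not-affected"
    elif ty_plugin_present "${2:-}"; then
        echo "affected"                 # upgrade to 1.1.13 or later
    else
        echo "affected-no-ty-plugin"    # vulnerable version, demuxer absent
    fi
}

[ $# -eq 0 ] || triage "$@"
```

Run it as `sh triage.sh 1.1.12` on the live system, or pass a second argument to inspect a mounted image or chroot instead of `/`.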