g_ of Orange Bat reported a heap-based buffer overflow when opening mms streams. Alexis / media-video, as we had an issue with upstream becoming aware of bugs by this researcher, please contact them to make sure.
patch committed: http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html
(In reply to comment #1) > patch committed: > http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html > applied in r2
Thanks for bumping so fast.
Arches, please test and mark stable: =media-video/vlc-0.8.6i-r2 Target keywords : "alpha amd64 ppc sparc x86"
sparc stable
Stable on alpha.
(In reply to comment #0) > g_ of Orange Bat reported a heap-based buffer overflow when opening mms > streams. just if someone picks this up for a cve id description.... it is not heap-based buf stack-based. cheers
(In reply to comment #7) > (In reply to comment #0) > > g_ of Orange Bat reported a heap-based buffer overflow when opening mms > > streams. > > just if someone picks this up for a cve id description.... it is not heap-based > buf stack-based. s/buf/but/ :)
amd64/x86 stable
ppc stable and ready for glsa
(In reply to comment #10) > ppc stable and ready for glsa > thanks, request filed.
CVE-2008-3794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3794): Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a stack-based buffer overflow.
GLSA 200809-06