Bug 360189 (CVE-2010-3275) - <media-video/vlc-1.1.8: Vulnerabilities handling .AMV and .NSV files (CVE-2010-{3275,3276})
Status: RESOLVED FIXED
Alias: CVE-2010-3275
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.coresecurity.com/content/v...
Whiteboard: B2 [glsa]
Reported: 2011-03-23 20:39 UTC by Tim Sammut (RETIRED)
Modified: 2014-11-05 22:08 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2011-03-23 20:39:21 UTC
From $URL:

2. Vulnerability Information

Class: Buffer overflow [CWE-119], Buffer overflow [CWE-119]
Impact: Code execution
Remotely Exploitable: Yes (client-side)
Locally Exploitable: No
CVE Name: CVE-2010-3275, CVE-2010-3276

3. Vulnerability Description

Two vulnerabilities have been found in VLC media player [1], when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-03-25 18:32:38 UTC
Upstream has released 1.1.8, which the third-party advisory at $URL says is fixed. I do not see a videolan.org advisory yet.
Comment 2 Alexis Ballier gentoo-dev 2011-03-29 02:38:36 UTC
1.1.8 in tree
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-03-29 03:26:09 UTC
(In reply to comment #2)
> 1.1.8 in tree

Great, thanks.

Arches, please test and mark stable:
=media-video/vlc-1.1.8
Target keywords : "alpha amd64 ppc ppc64 sparc x86"
Comment 4 Andreas Schürch gentoo-dev 2011-03-29 06:40:34 UTC
Tested on x86. It looks quite good here, but USE="-X" fails a bit ugly if USE="aalib" and/or USE="sdl".
Comment 5 Agostino Sarubbo gentoo-dev 2011-03-29 12:32:41 UTC
(In reply to comment #3)
> Arches, please test and mark stable:
> =media-video/vlc-1.1.8
> Target keywords : "alpha amd64 ppc ppc64 sparc x86"

Arches, please also test media-libs/schroedinger-1.0.10, which is pulled in by USE="schroedinger".

Thanks
Comment 6 Andreas Schürch gentoo-dev 2011-03-29 13:06:36 UTC
(In reply to comment #5)
> Arches, please also test media-libs/schroedinger-1.0.10, which is pulled in by
> USE="schroedinger".

Ah, you're right, I forgot to mention it! I already tested schroedinger on x86.
Comment 7 Agostino Sarubbo gentoo-dev 2011-03-29 13:16:38 UTC
amd64 ok
Comment 8 Christoph Mende (RETIRED) gentoo-dev 2011-03-29 15:07:56 UTC
amd64 done, thanks Agostino
Comment 9 Brent Baude (RETIRED) gentoo-dev 2011-03-31 18:20:47 UTC
ppc done
Comment 10 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-04-02 07:59:40 UTC
ppc64 stable
Comment 11 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-04-03 14:57:10 UTC
x86 stable, thanks Andreas. Please file bugs for the detected issues. I think they shouldn't block a security stabilization, but still they should get fixed.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2011-04-09 14:00:35 UTC
alpha/sparc stable
Comment 13 Tim Sammut (RETIRED) gentoo-dev 2011-04-09 16:06:23 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-07-10 00:53:10 UTC
CVE-2010-3276 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3276):
  libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows
  remote attackers to execute arbitrary code via a crafted width in an NSV
  file.

CVE-2010-3275 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3275):
  libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows
  remote attackers to execute arbitrary code via a crafted width in an AMV
  file, related to a "dangling pointer vulnerability."
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2014-11-05 22:08:37 UTC
This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).