Summary: | media-video/vlc 0.8.6a Denial of Service | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Executioner <keith> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | trivial | CC: | media-video |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.milw0rm.com/exploits/3119 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Executioner
2007-01-12 21:55:22 UTC
Not sure if this is versions < 0.8.6a or just 0.8.6a. This looks like more than a DoS, despite the very lame exploit ;) I get what looks like a double free() in libasf.

Adding herd.

Can someone verify if 0.8.6 is vulnerable to this?

0.8.6-r1 is the same as 0.8.6a for Linux (there were a few changes for OSX, so I didn't spend time getting a new tarball). So yeah. I've added a 0.8.6_p18636, that comes out of the 0.8.6-bugfix branch of VLC, that solves this issue and a few more according to upstream.

Hi, usually we don't handle client-side DoS except in severe cases. Switching to "auditing" in order to know if this is only a DoS or something which can be exploited for code injection... Feel free to comment on this bug!

I can't find any reference to anything else than a simple DoS. Closing since the fixed ebuild is already in the tree, feel free to reopen if you disagree.