
Bug 249391 (CVE-2008-5276)

Summary: <media-video/vlc-0.9.8a: Buffer overflow in Real demuxer (CVE-2008-5276)
Product: Gentoo Security Reporter: Alexis Ballier <aballier>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: media-video
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.videolan.org/security/sa0811.html
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Alexis Ballier gentoo-dev 2008-11-30 14:57:30 UTC
http://www.videolan.org/security/sa0811.html

Details

When parsing the header of an invalid Real Media file, an integer overflow might occur and then trigger a stack-based buffer overflow.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 18:06:26 UTC
Adding "corresponding evaluation" to whiteboard, adding herd (http://www.gentoo.org/security/en/vulnerability-policy.xml).
Comment 2 Alexis Ballier gentoo-dev 2008-12-08 09:11:00 UTC
0.9.8a is in the tree btw
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-09 22:34:09 UTC
Arches, please test and mark stable:
=media-video/vlc-0.9.8a
Target keywords : "alpha amd64 ppc sparc x86"

Comment 4 Markus Meier gentoo-dev 2008-12-10 22:02:04 UTC
amd64/x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-13 13:46:55 UTC
ppc stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2008-12-13 19:17:33 UTC
stable on alpha
Comment 7 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-13 21:09:20 UTC
sparc stable
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-15 14:04:59 UTC
GLSA request filed.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-25 01:17:06 UTC
GLSA 200812-24, thanks everyone.