Summary: | media-video/vlc Stack-based buffer overflows via smb:// URLs | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | media-video, p.gregy |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | B2 [ | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
![]() ![]() ![]() I tried to reproduce it with vlc 1.0.1. Only got regular error message. ERROR: string overflow by 1 (1024 - 1023) in safe_strcpy [smb://example.com@www.example.com/foo/#{AABBBBCCCC] So I guess it doesn't work. CVE-2009-2484 indicates that there was such a vulnerability, but it was limited to Windows. Also very obsolete regardless, fixed since June 2009. |