Summary: | <media-video/vlc-1.1.9: Heap overflow vulnerability with corrupt MP4 files (CVE-2011-1684) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.videolan.org/security/sa1103.html | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
![]() vlc 1.1.9 is in the tree and should fix this (In reply to comment #1) > vlc 1.1.9 is in the tree and should fix this Great, thank you. Arches, please test and mark stable: =media-video/vlc-1.1.9 Target keywords : "alpha amd64 ppc ppc64 sparc x86" amd64 ok x86 stable amd64 stable alpha/sparc stable ppc done ppc64 stable, last arch done Thanks, everyone. Added to existing GLSA request. CVE-2011-1684 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1684): Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file. This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle). |