Summary: | <media-video/vlc-1.1.13 "get_chunk_header()" Double-Free Vulnerability (CVE-2012-0023) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | media-video, n0idx80 |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://secunia.com/advisories/47325/ | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
@Alexis, can you tell me if ty.c is compiled as default gentoo configuration or with a specific?

(In reply to comment #1)
> @Alexis, can you tell me if ty.c is compiled as default gentoo configuration or
> with a specific?

yes, it's built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.

feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)

(In reply to comment #2)
> yes, it's built by default ( /usr/lib64/vlc/plugins/demux/libty_plugin.so ) here.
>
>
> feel free to cc arches, 1.1.13 fixes a couple of other bugs too (see changelog)

Sure, thanks

Arches, please test and mark stable:
=media-video/vlc-1.1.13
Target keywords : "alpha amd64 ppc ppc64 sparc x86"

x86/amd64 stable

ppc/ppc64 done

alpha/sparc stable

Thanks everyone. Added to existing glsa draft.

*** Bug 397553 has been marked as a duplicate of this bug. ***

CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231):
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

CVE-2012-0023 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0023):
Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.

CVE-2011-5231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5231):
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0023. Reason: This candidate is a duplicate of CVE-2012-0023. Notes: All CVE users should reference CVE-2012-0023 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).