| Summary: | media-video/vlc: multiple DoS vulnerability (CVE-2012-{5470,5855}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | aballier, media-video |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
A new issue affecting VLC 2.0.4:

"We have assigned CVE-2012-5855 for this issue in the SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4: http://www.securityfocus.com/archive/1/524626 It is unclear whether there are situations in which the erroneous string-length calculation could occur without any user interaction."

http://www.openwall.com/lists/oss-security/2012/11/12/3

CVE-2012-5855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5855): The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).