Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
1) Boundary errors in the "ParseMicroDvd()", "ParseSSA()", and "ParseVplayer()" functions when handling subtitles can be exploited to cause stack-based buffer overflows.
2) A format string error in the web interface listening on port 8080/tcp (disabled by default) can be exploited via a specially crafted HTTP request with a "Connection" header value containing format specifiers.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
The vulnerabilities have been confirmed in version 0.8.6d. Other versions may also be affected.
Fixed in the SVN repository.
Provided and/or discovered by:
1) Originally reported by Michal Luczaj. Additional information provided by Luigi Auriemma.
2) Luigi Auriemma
Media-video, please advise.
(Or is this already fixed in our ebuilds? The advisories are from June and I spotted other security bug reports from November.)
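Item 1 of the advisory above, illustrated with an added example that is not part of the original report and is not VLC's code: a bounded parser for one MicroDVD subtitle line (`{start}{stop}text`) that clamps the copy to the destination size. The names `parse_microdvd_line` and `struct sub_line`, the `TEXT_MAX` limit and the sample lines are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define TEXT_MAX 63  /* constructed limit, small so truncation is easy to see */

struct sub_line {
    int  start, stop;            /* frame numbers */
    char text[TEXT_MAX + 1];     /* fixed-size destination, always NUL-terminated */
};

/* Hypothetical helper (not VLC's ParseMicroDvd): parse "{start}{stop}text".
 * Returns 0 on success, 1 if the text was truncated to fit, -1 if malformed.
 * The bug class in the advisory is the unbounded form of this copy, e.g. an
 * sscanf "%[^\r\n]" with no field width writing into a stack buffer. */
int parse_microdvd_line(const char *line, struct sub_line *out)
{
    int consumed = 0;

    /* %n is only reached once both "{number}" fields matched completely. */
    if (sscanf(line, "{%d}{%d}%n", &out->start, &out->stop, &consumed) != 2
        || consumed == 0)
        return -1;

    const char *text = line + consumed;
    size_t len = strcspn(text, "\r\n");      /* text ends at the line break */
    int truncated = len > TEXT_MAX;
    if (truncated)
        len = TEXT_MAX;                      /* clamp to the destination size */

    memcpy(out->text, text, len);
    out->text[len] = '\0';
    return truncated;
}

int main(void)
{
    /* Constructed sample input: one normal line, one oversized, one malformed. */
    char big[300] = "{1}{2}";
    memset(big + 6, 'A', 200);               /* 200-byte text, rest stays NUL */
    const char *samples[] = { "{10}{25}Hello|world\r\n", big, "no timing" };

    for (size_t i = 0; i < 3; i++) {
        struct sub_line s;
        int rc = parse_microdvd_line(samples[i], &s);
        printf("rc=%d text_len=%zu\n", rc, rc < 0 ? (size_t)0 : strlen(s.text));
    }
    return 0;
}
```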
had a quick look. One of the changes is:
From 3 days ago. Given this and the fact that Secunia confirmed the vulnerabilities in 0.8.6d and our latest stable is 0.8.6c + unstable SVN snapshot ebuilds are older than 3 days, we most likely need new ebuilds here.
hmm ok, after checking it:
1) => been fixed a while ago in trunk, so 0.9.0 snapshots should be ok in that regard. However, backport to 0.8.6 branch had been forgotten and committed only a few days ago.
2) => Discovered recently, fixed in trunk and in 0.8.6 branch.
A 0.8.6e release is in preparation that should fix both. I'd prefer waiting a few days more (as it's expected at the very beginning of the year).
I also need to put a more recent trunk snapshot for ~arch users, this one should also fix 2)
Alexis, is there any news here? Can you ping the VLC guys if necessary?
(In reply to comment #4)
> Alexis, is there any news here? Can you ping the VLC guys if necessary?
bah as 0.8.6e seems to be late, I've bumped 0.8.6d applying the two fixes.
Alexis, thanks. I assume vlc-0.9.0_alpha20080110 has the same patches included, so ~arch is unaffected now?
Arches, please test and mark stable media-video/vlc-0.8.6d.
Target keywords : "alpha amd64 ppc sparc x86"
(In reply to comment #6)
> Alexis, thanks. I assume vlc-0.9.0_alpha20080110 has the same patches included,
> so ~arch is unaffected now?
yes ~arch is unaffected now
Sparc stable, works as expected.
alpha stable, thanks Tobias and sorry for the delay
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN
VLC 0.8.6d allows remote attackers to execute arbitrary code via a
long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Format string vulnerability in the httpd_FileCallBack function
(network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to
execute arbitrary code via format string specifiers in the Connection
This also fixes: