Bug 249391 (CVE-2008-5276) - <media-video/vlc-0.9.8a: Buffer overflow in Real demuxer (CVE-2008-5276)
Status: RESOLVED FIXED
Alias: CVE-2008-5276
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.videolan.org/security/sa08...
Whiteboard: B2 [glsa]
Reported: 2008-11-30 14:57 UTC by Alexis Ballier
Modified: 2008-12-25 01:17 UTC
Description Alexis Ballier gentoo-dev 2008-11-30 14:57:30 UTC
http://www.videolan.org/security/sa0811.html

Details

When parsing the header of an invalid Real Media file, an integer overflow might occur and then trigger a stack-based buffer overflow.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-30 18:06:26 UTC
Adding "corresponding evaluation" to whiteboard, adding herd (http://www.gentoo.org/security/en/vulnerability-policy.xml).
Comment 2 Alexis Ballier gentoo-dev 2008-12-08 09:11:00 UTC
0.9.8a is in the tree btw
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-09 22:34:09 UTC
Arches, please test and mark stable:
=media-video/vlc-0.9.8a
Target keywords : "alpha amd64 ppc sparc x86"

Comment 4 Markus Meier gentoo-dev 2008-12-10 22:02:04 UTC
amd64/x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-12-13 13:46:55 UTC
ppc stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2008-12-13 19:17:33 UTC
stable on alpha
Comment 7 Friedrich Oslage (RETIRED) gentoo-dev 2008-12-13 21:09:20 UTC
sparc stable
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-15 14:04:59 UTC
GLSA request filed.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2008-12-25 01:17:06 UTC
GLSA 200812-24, thanks everyone.