CVE-2012-5470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5470): libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file. MITRE notes the following on the oss-sec mailing list: 'The "Rewritten support for images, including jpeg, png, xcf, bmp..." and "2.0.4 fixes numerous issues, including audio device selection, Qt and Mac OS interface, security issues and Windows wallpaper mode..." lines in http://www.videolan.org/vlc/releases/2.0.4.html may possibly be relevant here. There isn't an obvious mention of PNG on the http://trac.videolan.org/vlc/timeline?from=10%2F24%2F12&daysback=15 ticket list.'
A new issue affecting VLC 2.0.4: "We have assigned CVE-2012-5855 for this issue in the SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4: http://www.securityfocus.com/archive/1/524626 It is unclear whether there are situations in which the erroneous string-length calculation could occur without any user interaction." http://www.openwall.com/lists/oss-security/2012/11/12/3
CVE-2012-5855 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5855): The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and earlier might allow user-assisted attackers to cause a denial of service (crash) via a crafted file name that triggers an incorrect string-length calculation when the file is added to VLC. NOTE: it is not clear whether this issue crosses privilege boundaries or whether it can be exploited without user interaction.
Added to an existing GLSA request.
This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).
