From $URL: Details When parsing the header of an invalid Real Media file an integer overflow might occur then trigger a heap-based buffer overflow. Impact If successful, it is unknown whether a malicious third party might be able to trigger execution of arbitrary code. Successful exploitation of this bug can crash the proces of the media player. ... Solution VLC media player 1.1.6 addresses this issue. Patches for older versions are available from the official VLC source code repositories.
vlc-1.1.6 should fix this
=media-video/vlc-1.1.6 is being stabilized in bug 352206.(In reply to comment #1) > vlc-1.1.6 should fix this > Great, thank you. =media-video/vlc-1.1.6 is being stabilized in bug 352206.
CVE-2010-3907 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3907): Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).
