Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 476436 (CVE-2013-3245) - <media-video/vlc-2.0.8: MKV Parsing Integer Overflow Vulnerability (CVE-2013-3245)
Summary: <media-video/vlc-2.0.8: MKV Parsing Integer Overflow Vulnerability (CVE-2013-...
Status: RESOLVED FIXED
Alias: CVE-2013-3245
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/52956/
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2013-4388
Blocks:
  Show dependency tree
 
Reported: 2013-07-10 18:58 UTC by Agostino Sarubbo
Modified: 2014-11-05 22:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-07-10 18:58:27 UTC 
From ${URL} :

Description

Kaveh Ghaemmaghami has discovered a vulnerability in VLC Media Player, which can be exploited by 
malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error within the libmkv_plugin.dll module 
when parsing MKV files, which can be exploited to cause a heap-based buffer overflow via an MKV 
file with a specially crafted header.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 2.0.7. Other versions may also be affected.


Solution:
No official solution is currently available.

Provided and/or discovered by:
Kaveh Ghaemmaghami via Secunia.

Original Advisory:
Secunia:
http://secunia.com/blog/372/


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-08-27 03:27:28 UTC 
CVE-2013-3245 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3245):
  ** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player
  2.0.7, and possibly other versions, allows remote attackers to cause a
  denial of service (crash) and possibly execute arbitrary code via a crafted
  MKV file, possibly involving an integer overflow and out-of-bounds read or
  heap-based buffer overflow, or an uncaught exception.  NOTE: the vendor
  disputes the severity and claimed vulnerability type of this issue, stating
  "This PoC crashes VLC, indeed, but does nothing more... this is not an
  integer overflow error, but an uncaught exception and I doubt that it is
  exploitable. This uncaught exception makes VLC abort, not execute random
  code, on my Linux 64bits machine." A PoC posted by the original researcher
  shows signs of an attacker-controlled out-of-bounds read, but the affected
  instruction does not involve a register that directly influences control
  flow.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2013-10-08 16:02:54 UTC 
Fixed in version 2.08
http://www.videolan.org/vlc/releases/2.0.8.html
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2014-06-18 00:15:32 UTC 
Added to an existing GLSA request.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-11-05 22:10:13 UTC 
This issue was resolved and addressed in
 GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml
by GLSA coordinator Sean Amoss (ackle).