Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux

Nico Golde nion at debian.org
Sun Oct 19 16:35:25 UTC 2008


Hi Remi,
* Remi Denis-Courmont <rdenis at simphalempin.com> [2008-10-19 17:44]:
> VLC versions 0.8.2 through 0.9.4 are prone to an exploitable
> stack-based buffer overflow in the TY (TiVo) file parser.
> 
> See also http://www.videolan.org/security/sa0809.html

Are you sure that 0.8.6.h-4 in unstable is affected?
Looking at 
http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133
the overflow happens because of the integer conversion in
8 + i_map_size or if i_map_size + 8 exceeds mst_buf.
I had a look at the code in 0.8.6.h-4 and didn't see 
something similar. Only static size reads with correct 
sizes.

Can you confirm that this does not affect 0.8.6.h-4 and if 
not, what am I missing?

> N.B.: please give me the CVE ID if you allocate one.

I requested one and will forward it to you.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
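
The kind of length check the message above is looking for, as an added example that is not part of the original mail and is not VLC code: a file-supplied i_map_size is validated before "8 + i_map_size" bytes are copied into a fixed mst_buf. The 32-byte buffer size, the helper names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MST_BUF_SIZE 32u /* assumed size of the fixed buffer (hypothetical) */
#define ENTRY_HDR 8u     /* fixed part of each entry, from "8 + i_map_size" */

/* Flawed check: the sum is formed in 32 bits first, so it can wrap. */
static int naive_sum_accepts(uint32_t i_map_size)
{
    uint32_t total = ENTRY_HDR + i_map_size; /* 0xFFFFFFF8 + 8 wraps to 0 */
    return total <= MST_BUF_SIZE;
}

/* Hardened check: compare the untrusted field before adding to it.
 * Returns the number of bytes to read, or 0 if the entry must be rejected. */
static size_t entry_read_len(uint32_t i_map_size)
{
    if (i_map_size > MST_BUF_SIZE - ENTRY_HDR)
        return 0;
    return (size_t)ENTRY_HDR + i_map_size;
}

/* Copy one entry from an in-memory input (constructed stand-in for a stream
 * read) into mst_buf. Returns bytes copied, or -1 if rejected. */
static int read_entry(const uint8_t *in, size_t in_len, uint32_t i_map_size,
                      uint8_t mst_buf[MST_BUF_SIZE])
{
    size_t n = entry_read_len(i_map_size);
    if (n == 0 || n > in_len)
        return -1; /* would overrun mst_buf, or input is truncated */
    memcpy(mst_buf, in, n);
    return (int)n;
}

int main(void)
{
    uint8_t in[64] = {0}, mst_buf[MST_BUF_SIZE]; /* constructed sample input */
    uint32_t sizes[] = {24u, 25u, 0xFFFFFFF8u};  /* constructed field values */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("i_map_size=%#x naive=%d read=%d\n", (unsigned)sizes[i],
               naive_sum_accepts(sizes[i]),
               read_entry(in, sizeof in, sizes[i], mst_buf));
    return 0;
}
```

When auditing an older branch for the same class of bug, the thing to look for is any read or copy whose length is derived from a file field rather than a constant.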




