Bug#616156: Subject: vlc: VLC bookmark buffer overflow

henri at nerv.fi henri at nerv.fi
Wed Mar 2 21:26:59 UTC 2011


Package: vlc
Version: 1.1.3-1squeeze3
Severity: important
Tags: security

"VLC media player is vulnerable to a buffer overflow attack when processing .mp3 file and its metadata. It fails to perform boundary checks when creating a bookmark from the malicious media file playing, resulting in a crash, overwriting ECX register. While the evil .mp3 is playing, you go Playback > Bookmarks > Manage bookmarks > Create."

I have requested a CVE identifier for this vulnerability: http://www.openwall.com/lists/oss-security/2011/03/02/3

The sample evil file "froze" my X and I needed to restart the whole X to get control over the GUI. I can give debug information/logs if needed.

Can someone update tracker TEMP-0000000-57DB88? The note "obscure exploit scenario, not reproducible" is not true in my opinion.

References:
http://osvdb.org/show/osvdb/62728

Best regards,
Henri Salo

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages vlc depends on:
ii  libaa1                  1.4p5-38         ascii art library
ii  libc6                   2.11.2-10        Embedded GNU C Library: Shared lib
ii  libfreetype6            2.4.2-2.1        FreeType 2 font engine, shared lib
ii  libfribidi0             0.19.2-1         Free Implementation of the Unicode
ii  libgcc1                 1:4.4.5-8        GCC support library
ii  libgl1-mesa-glx [libgl1 7.7.1-4          A free implementation of the OpenG
ii  libqtcore4              4:4.6.3-4        Qt 4 core module
ii  libqtgui4               4:4.6.3-4        Qt 4 GUI module
ii  libsdl-image1.2         1.2.10-2+b2      image loading library for Simple D
ii  libsdl1.2debian         1.2.14-6.1       Simple DirectMedia Layer
ii  libstdc++6              4.4.5-8          The GNU Standard C++ Library v3
ii  libtar                  1.2.11-6         C library for manipulating tar arc
ii  libvlccore4             1.1.3-1squeeze3  base library for VLC and its modul
ii  libx11-6                2:1.3.3-4        X11 client-side library
ii  libx11-xcb1             2:1.3.3-4        Xlib/XCB interface library
ii  libxcb-keysyms1         0.3.6-1          utility libraries for X C Binding
ii  libxcb-randr0           1.6-1            X C Binding, randr extension
ii  libxcb-shm0             1.6-1            X C Binding, shm extension
ii  libxcb-xv0              1.6-1            X C Binding, xv extension
ii  libxcb1                 1.6-1            X C Binding
ii  libxext6                2:1.1.2-1        X11 miscellaneous extension librar
ii  ttf-freefont            20090104-7       Freefont Serif, Sans and Mono True
ii  vlc-nox                 1.1.3-1squeeze3  multimedia player and streamer (wi
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages vlc recommends:
ii  vlc-plugin-notify        1.1.3-1squeeze3 LibNotify plugin for VLC
ii  vlc-plugin-pulse         1.1.3-1squeeze3 PulseAudio plugin for VLC

Versions of packages vlc suggests:
pn  mozilla-plugin-vlc            <none>     (no description available)
pn  videolan-doc                  <none>     (no description available)

Versions of packages vlc-nox depends on:
ii  liba52-0.7.4      0.7.4-14               library for decoding ATSC A/52 str
ii  libasound2        1.0.23-2.1             shared library for ALSA applicatio
ii  libass4           0.9.9-1                library for SSA/ASS subtitles rend
ii  libavahi-client3  0.6.27-2+squeeze1      Avahi client library
ii  libavahi-common3  0.6.27-2+squeeze1      Avahi common library
ii  libavc1394-0      0.5.3-1+b2             control IEEE 1394 audio/video devi
ii  libavcodec52      4:0.5.2-6              ffmpeg codec library
ii  libavformat52     4:0.5.2-6              ffmpeg file format library
ii  libavutil49       4:0.5.2-6              ffmpeg utility library
ii  libc6             2.11.2-10              Embedded GNU C Library: Shared lib
ii  libcaca0          0.99.beta17-1          colour ASCII art library
ii  libcddb2          1.3.2-2                library to access CDDB data - runt
ii  libcdio10         0.81-4                 library to read and control CD-ROM
ii  libdbus-1-3       1.2.24-4               simple interprocess messaging syst
ii  libdc1394-22      2.1.2-3                high level programming interface f
ii  libdca0           0.0.5-3                decoding library for DTS Coherent
ii  libdirac-encoder0 1.0.2-3                open and royalty free high quality
ii  libdvbpsi6        0.1.7-1                library for MPEG TS and DVB PSI ta
ii  libdvdnav4        4.1.3-7                DVD navigation library
ii  libdvdread4       4.1.3-10               library for reading DVDs
ii  libebml0          0.7.7-3.1              access library for the EBML format
ii  libfaad2          2.7-6                  freeware Advanced Audio Decoder -
ii  libflac8          1.2.1-2+b1             Free Lossless Audio Codec - runtim
ii  libfontconfig1    2.8.0-2.1              generic font configuration library
ii  libfreetype6      2.4.2-2.1              FreeType 2 font engine, shared lib
ii  libfribidi0       0.19.2-1               Free Implementation of the Unicode
ii  libgcc1           1:4.4.5-8              GCC support library
ii  libgcrypt11       1.4.5-2                LGPL Crypto library - runtime libr
ii  libgnutls26       2.8.6-1                the GNU TLS library - runtime libr
ii  libgpg-error0     1.6-1                  library for common error values an
ii  libkate1          0.3.7-3                Kate is a codec for karaoke and te
ii  liblircclient0    0.8.3-5                infra-red remote control support -
ii  liblua5.1-0       5.1.4-5                Simple, extensible, embeddable pro
ii  libmad0           0.15.1b-5              MPEG audio decoder library
ii  libmatroska0      0.8.1-1.1              extensible open standard audio/vid
ii  libmodplug1       1:0.8.8.1-1            shared libraries for mod music bas
ii  libmpcdec6        2:0.1~r459-1           MusePack decoder - library
ii  libmpeg2-4        0.4.1-3                MPEG1 and MPEG2 video decoder libr
ii  libmtp8           1.0.3-1                Media Transfer Protocol (MTP) libr
ii  libncursesw5      5.7+20100313-5         shared libraries for terminal hand
ii  libogg0           1.2.0~dfsg-1           Ogg bitstream library
ii  libpng12-0        1.2.44-1               PNG library - runtime
ii  libpostproc51     4:0.5.2-6              ffmpeg video postprocessing librar
ii  libproxy0         0.3.1-2                automatic proxy configuration mana
ii  libraw1394-11     2.0.5-2                library for direct access to IEEE
ii  libschroedinger-1 1.0.9-2                library for encoding/decoding of D
ii  libshout3         2.2.2-5+b1             MP3/Ogg Vorbis broadcast streaming
ii  libsmbclient      2:3.5.6~dfsg-3squeeze2 shared library for communication w
ii  libspeex1         1.2~rc1-1              The Speex codec runtime library
ii  libstdc++6        4.4.5-8                The GNU Standard C++ Library v3
ii  libswscale0       4:0.5.2-6              ffmpeg video scaling library
ii  libtag1c2a        1.6.3-1                TagLib Audio Meta-Data Library
ii  libtheora0        1.1.1+dfsg.1-3         The Theora Video Compression Codec
ii  libtwolame0       0.3.12-1               MPEG Audio Layer 2 encoding librar
ii  libudev0          164-3                  libudev shared library
ii  libupnp3          1:1.6.6-5              Portable SDK for UPnP Devices, ver
ii  libv4l-0          0.8.0-1                Collection of video4linux support
ii  libvcdinfo0       0.7.23-4+b2            library to extract information fro
ii  libvlc5           1.1.3-1squeeze3        multimedia player and streamer lib
ii  libvlccore4       1.1.3-1squeeze3        base library for VLC and its modul
ii  libvorbis0a       1.3.1-1                The Vorbis General Audio Compressi
ii  libvorbisenc2     1.3.1-1                The Vorbis General Audio Compressi
ii  libxml2           2.7.8.dfsg-2           GNOME XML library
ii  zlib1g            1:1.2.3.4.dfsg-3       compression library - runtime

Versions of packages libvlc5 depends on:
ii  libc6                    2.11.2-10       Embedded GNU C Library: Shared lib
ii  libvlccore4              1.1.3-1squeeze3 base library for VLC and its modul

Versions of packages libvlccore4 depends on:
ii  libc6                    2.11.2-10       Embedded GNU C Library: Shared lib
ii  libdbus-1-3              1.2.24-4        simple interprocess messaging syst
ii  vlc-data                 1.1.3-1squeeze3 Common data for VLC

Versions of packages vlc is related to:
pn  libavutil50                   <none>     (no description available)
pn  libavutil51                   <none>     (no description available)

-- no debconf information
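
A triage check that could be run over received .mp3 files, added here as an example and not part of the report or of VLC: it walks the ID3v2.3/2.4 frames at the start of a file and reports text frames above a size threshold, or frames that overrun the tag. That the oversized data sits in an ID3v2 text frame, the 1024-byte threshold and all function names are assumptions; the report does not say which metadata field is involved.

```python
import struct

MAX_TEXT_FRAME = 1024  # assumed triage threshold in bytes, not from the report

def syncsafe(b):
    """Decode a 4-byte ID3v2 syncsafe integer (7 significant bits per byte)."""
    return (b[0] & 0x7F) << 21 | (b[1] & 0x7F) << 14 | (b[2] & 0x7F) << 7 | (b[3] & 0x7F)

def oversized_frames(data, limit=MAX_TEXT_FRAME):
    """Return [(frame_id, size, note)] for ID3v2.3/2.4 frames worth a closer look."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return []                       # no ID3v2.3/2.4 tag at the start of the file
    major, flags = data[3], data[5]
    end = min(10 + syncsafe(data[6:10]), len(data))
    pos, findings = 10, []
    if flags & 0x40 and pos + 4 <= end:  # skip the optional extended header
        ext = data[pos:pos + 4]
        pos += syncsafe(ext) if major == 4 else 4 + struct.unpack(">I", ext)[0]
    while pos + 10 <= end:
        frame_id = data[pos:pos + 4]
        if frame_id == b"\x00\x00\x00\x00":
            break                       # padding reached, no more frames
        raw = data[pos + 4:pos + 8]
        # v2.4 frame sizes are syncsafe, v2.3 sizes are plain big-endian
        size = syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        name = frame_id.decode("latin-1")
        if pos + 10 + size > end:       # declared length exceeds the tag: malformed
            findings.append((name, size, "frame runs past the tag"))
            break
        if size > limit and (frame_id[:1] == b"T" or frame_id == b"COMM"):
            findings.append((name, size, "oversized text frame"))
        pos += 10 + size
    return findings

def _frame(fid, payload):
    """Build an ID3v2.3 frame: id, big-endian size, two flag bytes, payload."""
    return fid + struct.pack(">I", len(payload)) + b"\x00\x00" + payload

def _tag(frames):
    """Wrap frames in an ID3v2.3 header with a syncsafe tag size."""
    body = b"".join(frames)
    n = len(body)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + body

# Constructed sample tag (filler bytes only): a short artist and a 4000-byte title.
SAMPLE = _tag([_frame(b"TPE1", b"\x00artist"), _frame(b"TIT2", b"\x00" + b"A" * 4000)])

if __name__ == "__main__":
    print(oversized_frames(SAMPLE))
```
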




