From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-200812-24.xml | 79 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 metadata/glsa/glsa-200812-24.xml (limited to 'metadata/glsa/glsa-200812-24.xml') diff --git a/metadata/glsa/glsa-200812-24.xml b/metadata/glsa/glsa-200812-24.xml new file mode 100644 index 000000000000..31986a33ca9a --- /dev/null +++ b/metadata/glsa/glsa-200812-24.xml @@ -0,0 +1,79 @@ + + + + VLC: Multiple vulnerabilities + + Multiple vulnerabilities in VLC may lead to the remote execution of + arbitrary code. + + vlc + 2008-12-24 + 2008-12-24: 01 + 245774 + 249391 + remote + + + 0.9.8a + 0.9.8a + + + +

+ VLC is a cross-platform media player and streaming server. +

+
+ +

+ Tobias Klein reported the following vulnerabilities: +

+
    +
  • A + stack-based buffer overflow when processing CUE image files in + modules/access/vcd/cdrom.c (CVE-2008-5032).
  • +
  • A stack-based + buffer overflow when processing RealText (.rt) subtitle files in the + ParseRealText() function in modules/demux/subtitle.c + (CVE-2008-5036).
  • +
  • An integer overflow when processing RealMedia + (.rm) files in the ReadRealIndex() function in real.c in the Real + demuxer plugin, leading to a heap-based buffer overflow + (CVE-2008-5276).
  • +
+
+ +

+ A remote attacker could entice a user to open a specially crafted CUE + image file, RealMedia file or RealText subtitle file, possibly + resulting in the execution of arbitrary code with the privileges of the + user running the application. +

+
+ +

+ There is no known workaround at this time. +

+
+ +

+ All VLC users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a" +
+ + CVE-2008-5032 + CVE-2008-5036 + CVE-2008-5276 + + + keytoaster + + + keytoaster + + + p-y + +
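Review bot: The third vulnerability item (CVE-2008-5276) locates the bug only as "real.c in the Real demuxer plugin", while the first two items give full source paths (modules/access/vcd/cdrom.c and modules/demux/subtitle.c). Give the RealMedia entry a path in the same form, so a reader checking a patched tree can find all three locations the same way. The CUE item also names no function, where the other two name ParseRealText() and ReadRealIndex(); add it if the upstream report identifies one.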
-- cgit v1.2.3