10 - DSA-1543

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	New vlc packages fix several vulnerabilities

Informations
Name	DSA-1543	First vendor Publication	2008-04-09
Vendor	Debian	Last vendor Modification	2008-04-09
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Luigi Auriemma, Alin Rad Pop, RÃ©mi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.

The Common Vulnerabilities and Exposures project identifies the following eight problems:

CVE-2007-6681

A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file.

CVE-2007-6682

A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code.

CVE-2007-6683

Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened.

CVE-2008-0295, CVE-2008-0296

Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously-crafted RTSP stream is played.

CVE-2008-0073

Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream.

CVE-2008-0984

Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously-crafted MP4 file is opened.

CVE-2008-1489

An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously-crafted MP4 file is opened.

For the stable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch2.

For the unstable distribution (sid), these problems have been fixed in version 0.6.8.e-2.

We recommend that you upgrade your vlc packages.

Original Source

Url : http://www.debian.org/security/2008/dsa-1543

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
33 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
17 %	CWE-399	Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14334

Oval ID:	oval:org.mitre.oval:def:14334
Title:	Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d
Description:	Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-6681	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player equal to 0.8.6d

Definition Id: oval:org.mitre.oval:def:14597

Oval ID:	oval:org.mitre.oval:def:14597
Title:	Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows
Description:	Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0296	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player less than or equal to 0.8.6d

Definition Id: oval:org.mitre.oval:def:14619

Oval ID:	oval:org.mitre.oval:def:14619
Title:	The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files
Description:	The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-6683	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player equal to 0.8.6d

Definition Id: oval:org.mitre.oval:def:14776

Oval ID:	oval:org.mitre.oval:def:14776
Title:	Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier
Description:	Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0295	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player less than or equal to 0.8.6d

Definition Id: oval:org.mitre.oval:def:14790

Oval ID:	oval:org.mitre.oval:def:14790
Title:	Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d
Description:	Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-6682	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player equal to 0.8.6d

Definition Id: oval:org.mitre.oval:def:14841

Oval ID:	oval:org.mitre.oval:def:14841
Title:	Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e
Description:	Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-1489	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player equal to 0.8.6e

Definition Id: oval:org.mitre.oval:def:18478

Oval ID:	oval:org.mitre.oval:def:18478
Title:	DSA-1543-1 vlc - several vulnerabilities
Description:	Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
Family:	unix	Class:	patch
Reference(s):	DSA-1543-1 CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0295 CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	vlc
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND vlc DPKG is earlier than 0.8.6-svn20061012.debian-5.1+etch2

Definition Id: oval:org.mitre.oval:def:26439

Oval ID:	oval:org.mitre.oval:def:26439
Title:	Memory corruption vulnerability in MP4 demuxer (mp4.c) for VLC media player via a malformed MP4 file
Description:	The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2008-0984	Version:	4
Platform(s):	Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	VLC Media Player
Definition Synopsis:
VLC media player is installed AND Version of VLC Media Player is less than 0.8.6e

Definition Id: oval:org.mitre.oval:def:7830

Oval ID:	oval:org.mitre.oval:def:7830
Title:	DSA-1543 vlc -- several vulnerabilities
Description:	Luigi Auriemma, Alin Rad Pop, Reacute mi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems: A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened.
Family:	unix	Class:	patch
Reference(s):	DSA-1543 CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0295 CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	vlc
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section wxvlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-alsa is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-nox is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-arts is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND mozilla-plugin-vlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-ggi is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND libvlc0-dev is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-sdl is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-esd is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND libvlc0 is earlier than 0.8.6-svn20061012.debian-5.1+etch2 OR Architecture dependent section Installed architecture is i386 AND Packages section vlc-plugin-glide is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-svgalib is earlier than 0.8.6-svn20061012.debian-5.1+etch2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Videolan Vlc cpe:2.3:a:videolan:vlc:0.8.6e:::::::* cpe:2.3:a:videolan:vlc:0.8.6d:::::::* cpe:2.3:a:videolan:vlc:0.8.6c:::::::* cpe:2.3:a:videolan:vlc:0.8.5:::::::* cpe:2.3:a:videolan:vlc:0.8.4a:::::::* cpe:2.3:a:videolan:vlc:0.8.4:::::::* cpe:2.3:a:videolan:vlc:0.8.2:::::::* cpe:2.3:a:videolan:vlc:0.8.1:::::::* cpe:2.3:a:videolan:vlc:0.8.0:::::::* cpe:2.3:a:videolan:vlc:0.7.2:::::::* cpe:2.3:a:videolan:vlc:0.7.1:::::::* cpe:2.3:a:videolan:vlc:0.7.0:::::::* cpe:2.3:a:videolan:vlc:0.6.2:::::::* cpe:2.3:a:videolan:vlc:0.6.1:::::::* cpe:2.3:a:videolan:vlc:0.6.0:::::::* cpe:2.3:a:videolan:vlc:0.5.3:::::::* cpe:2.3:a:videolan:vlc:0.5.2:::::::* cpe:2.3:a:videolan:vlc:0.5.1a:::::::* cpe:2.3:a:videolan:vlc:0.5.1:::::::* cpe:2.3:a:videolan:vlc:0.5.0:::::::* cpe:2.3:a:videolan:vlc:0.4.6:::::::* cpe:2.3:a:videolan:vlc:0.4.5:::::::* cpe:2.3:a:videolan:vlc:0.4.4:::::::* cpe:2.3:a:videolan:vlc:0.4.3_ac3:::::::* cpe:2.3:a:videolan:vlc:0.4.3:::::::* cpe:2.3:a:videolan:vlc:0.4.2:::::::* cpe:2.3:a:videolan:vlc:0.4.1:::::::* cpe:2.3:a:videolan:vlc:0.4.0:::::::* cpe:2.3:a:videolan:vlc:0.3.1:::::::* cpe:2.3:a:videolan:vlc:0.3.0:::::::* cpe:2.3:a:videolan:vlc:0.2.92:::::::* cpe:2.3:a:videolan:vlc:0.2.91:::::::* cpe:2.3:a:videolan:vlc:0.2.90:::::::* cpe:2.3:a:videolan:vlc:0.2.83:::::::* cpe:2.3:a:videolan:vlc:0.2.82:::::::* cpe:2.3:a:videolan:vlc:0.2.81:::::::* cpe:2.3:a:videolan:vlc:0.2.80:::::::* cpe:2.3:a:videolan:vlc:0.2.73:::::::* cpe:2.3:a:videolan:vlc:0.2.72:::::::* cpe:2.3:a:videolan:vlc:0.2.71:::::::* cpe:2.3:a:videolan:vlc:0.2.70:::::::* cpe:2.3:a:videolan:vlc:0.2.63:::::::* cpe:2.3:a:videolan:vlc:0.2.62:::::::* cpe:2.3:a:videolan:vlc:0.2.61:::::::* cpe:2.3:a:videolan:vlc:0.2.60:::::::* cpe:2.3:a:videolan:vlc:0.2.50:::::::* cpe:2.3:a:videolan:vlc:0.2.0:::::::* cpe:2.3:a:videolan:vlc:0.1.99i:::::::* cpe:2.3:a:videolan:vlc:0.1.99h:::::::* cpe:2.3:a:videolan:vlc:0.1.99g:::::::* cpe:2.3:a:videolan:vlc:0.1.99f:::::::* cpe:2.3:a:videolan:vlc:0.1.99e:::::::* cpe:2.3:a:videolan:vlc:0.1.99d:::::::* cpe:2.3:a:videolan:vlc:0.1.99c:::::::* cpe:2.3:a:videolan:vlc:0.1.99b:::::::* cpe:2.3:a:videolan:vlc:0.1.99a:::::::* cpe:2.3:a:videolan:vlc:0.1.99:::::::*	57
Application	Videolan Vlc Media Player cpe:2.3:a:videolan:vlc_media_player:0.8.6i:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6h:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6g:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6f:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6e:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6d:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.6c:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.5:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.5:test3:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.5:test4:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.4a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.4:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.4:test2:::::: cpe:2.3:a:videolan:vlc_media_player:0.8.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.8.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.2:test3:::::: cpe:2.3:a:videolan:vlc_media_player:0.7.2:test2:::::: cpe:2.3:a:videolan:vlc_media_player:0.7.1a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.7.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.6.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.1a:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.5.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.6:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.5:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.4:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.3-ac3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.3:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.2:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.4.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.3.1:::::::* cpe:2.3:a:videolan:vlc_media_player:0.3.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.92:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.91:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.90:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.83:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.82:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.81:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.80:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.73:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.72:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.71:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.70:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.63:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.62:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.61:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.60:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.50:::::::* cpe:2.3:a:videolan:vlc_media_player:0.2.0:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99i:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99h:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99g:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99f:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99e:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99d:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99c:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99b:::::::* cpe:2.3:a:videolan:vlc_media_player:0.1.99a:::::::* cpe:2.3:a:videolan:vlc_media_player:::::::: cpe:2.3:a:videolan:vlc_media_player::::::iphone_os::* cpe:2.3:a:videolan:vlc_media_player::::::macos::* cpe:2.3:a:videolan:vlc_media_player:-:::::::*	70
Application	Xine Xine-Lib cpe:2.3:a:xine:xine-lib:1.1.10.1:::::::*	1

ExploitDB Exploits

id	Description
2008-05-23	VLC 0.8.6d SSA Parsing Double Sh311 Universal Exploit
2008-04-28	VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit
2008-03-25	MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for xine-lib MDVSA-2008:178 (xine-lib) File : nvt/gb_mandriva_MDVSA_2008_178.nasl
2009-04-09	Name : Mandriva Update for mplayer MDVSA-2008:219 (mplayer) File : nvt/gb_mandriva_MDVSA_2008_219.nasl
2009-03-23	Name : Ubuntu Update for xine-lib vulnerabilities USN-635-1 File : nvt/gb_ubuntu_USN_635_1.nasl
2009-02-17	Name : Fedora Update for xine-lib FEDORA-2008-7572 File : nvt/gb_fedora_2008_7572_xine-lib_fc8.nasl
2009-02-16	Name : Fedora Update for xine-lib FEDORA-2008-2569 File : nvt/gb_fedora_2008_2569_xine-lib_fc8.nasl
2009-02-16	Name : Fedora Update for xine-lib FEDORA-2008-2945 File : nvt/gb_fedora_2008_2945_xine-lib_fc7.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200803-13 (vlc) File : nvt/glsa_200803_13.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200804-25 (vlc) File : nvt/glsa_200804_25.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200808-01 (xine-lib) File : nvt/glsa_200808_01.nasl
2008-04-21	Name : Debian Security Advisory DSA 1543-1 (vlc) File : nvt/deb_1543_1.nasl
2008-04-07	Name : Debian Security Advisory DSA 1536-1 (xine-lib) File : nvt/deb_1536_1.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-089-03 xine-lib File : nvt/esoft_slk_ssa_2008_089_03.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
43702	VLC Media Player libmp4.c MP4_ReadBox_rdrf() Function MP4 RDRF Box Handling O...
43436	xine-lib sdpplin_parse() Function Array Indexing
43002	VLC Media Player MP4 Demuxer (mp4.c) Arbitrary Memory Overwrite
42208	VLC Media Player network/httpd.c httpd_FileCallBack Function Connection Param...
42207	VLC Media Player modules/demux/subtitle.c Multiple File Format subtitle Handl...
42206	VLC Media Player Browser Plug-in MP3 File EXTVLCOPT Statement Arbitrary File ...
42205	VLC Media Player Browser Plug-in Playlist Filename :demuxdump-file Option Arb...
42194	Xine Library modules/access/rtsp/real_sdpplin.c SDP Data Handling Overflow
42193	VLC Media Player on Windows RTSP Data Handling Unspecified Remote Overflow

Snort® IPS/IDS

Date	Description
2014-01-10	VideoLAN vlc player subtitle buffer overflow attempt RuleID : 18744 - Revision : 9 - Type : FILE-MULTIMEDIA
2014-01-10	VLC player web interface format string attack RuleID : 18743 - Revision : 8 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-178.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-219.nasl - Type : ACT_GATHER_INFO
2008-08-20	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-635-1.nasl - Type : ACT_GATHER_INFO
2008-08-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-01.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-25.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1543.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote Fedora host is missing a security update. File : fedora_2008-2945.nasl - Type : ACT_GATHER_INFO
2008-04-11	Name : The remote Windows host contains a media player that is affected by several v... File : vlc_0_8_6f.nasl - Type : ACT_GATHER_INFO
2008-04-01	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1536.nasl - Type : ACT_GATHER_INFO
2008-04-01	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xine-devel-5116.nasl - Type : ACT_GATHER_INFO
2008-03-31	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-089-03.nasl - Type : ACT_GATHER_INFO
2008-03-31	Name : The remote openSUSE host is missing a security update. File : suse_xine-devel-5113.nasl - Type : ACT_GATHER_INFO
2008-03-26	Name : The remote Fedora host is missing a security update. File : fedora_2008-2569.nasl - Type : ACT_GATHER_INFO
2008-03-21	Name : The remote VLC web server is affected by a format string vulnerability. File : vlc_0_8_6d_format_string.nasl - Type : ACT_DENIAL
2008-03-13	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-13.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:27:31	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	9
CPE ID(s)	128
osvdb(s)	9
ExploitDB Exploit(s)	3
Openvas Exploit(s)	12
Snort® Rule(s)	2
Nessus® Exploit(s)	15

	Related
10	CVE-2008-0296
9.3	CVE-2008-0984
8.5	CVE-2008-0295
7.5	CVE-2007-6682
7.5	CVE-2007-6681
6.8	CVE-2008-1489
6.8	CVE-2008-0073
5	CVE-2007-6683
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)