Executive Summary
Summary | |
---|---|
Title | VLC: Multiple vulnerabilities |
Information | |||
---|---|---|---|
Name | GLSA-200812-24 | First vendor Publication | 2008-12-24 |
Vendor | Gentoo | Last vendor Modification | 2008-12-24 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Synopsis
Multiple vulnerabilities in VLC may lead to the remote execution of arbitrary code.
Background
Description
* A stack-based buffer overflow when processing CUE image files in modules/access/vcd/cdrom.c (CVE-2008-5032).
* A stack-based buffer overflow when processing RealText (.rt)
* An integer overflow when processing RealMedia (.rm) files in the ReadRealIndex() function in real.c in the Real demuxer plugin,
Impact
Workaround
Resolution
References
Availability
http://security.gentoo.org/glsa/glsa-200812-24.xml
Original Source
Url : http://security.gentoo.org/glsa/glsa-200812-24.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13455 | |||
Oval ID: | oval:org.mitre.oval:def:13455 | ||
Title: | DSA-1819-1 vlc -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. CVE-2008-3794 Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. For the oldstable distribution, these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution, these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release. For the testing distribution and the unstable distribution, these problems have been fixed in version 0.8.6.h-5. We recommend that you upgrade your vlc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1819-1 CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
Definition Id: oval:org.mitre.oval:def:14329 | |||
Oval ID: | oval:org.mitre.oval:def:14329 | ||
Title: | Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 | ||
Description: | Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5036 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14793 | |||
Oval ID: | oval:org.mitre.oval:def:14793 | ||
Title: | Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 | ||
Description: | Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5276 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:14798 | |||
Oval ID: | oval:org.mitre.oval:def:14798 | ||
Title: | Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 | ||
Description: | Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5032 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | VLC Media Player |
Definition Id: oval:org.mitre.oval:def:8254 | |||
Oval ID: | oval:org.mitre.oval:def:8254 | ||
Title: | DSA-1819 vlc -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1819 CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
VLC media player RealText subtitle file ParseRealText buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2009-06-23 | Name : Debian Security Advisory DSA 1819-1 (vlc) File : nvt/deb_1819_1.nasl |
2008-12-29 | Name : Gentoo Security Advisory GLSA 200812-24 (vlc) File : nvt/glsa_200812_24.nasl |
2008-12-10 | Name : FreeBSD Ports: vlc-devel File : nvt/freebsd_vlc-devel.nasl |
2008-12-09 | Name : VLC Media Player Buffer Overflow Vulnerability (Linux) File : nvt/gb_vlc_media_player_intgr_bof_vuln_lin.nasl |
2008-12-09 | Name : VLC Media Player Buffer Overflow Vulnerability (Win) File : nvt/gb_vlc_media_player_intgr_bof_vuln_win.nasl |
2008-11-19 | Name : FreeBSD Ports: vlc File : nvt/freebsd_vlc0.nasl |
2008-11-14 | Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Linux) File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl |
2008-11-14 | Name : VLC Media Player Multiple Stack-Based BOF Vulnerabilities - Nov08 (Win) File : nvt/gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50333 | VLC Media Player modules/demux/real.c ReadRealIndex() Function Remote Overflow |
49809 | VLC Media Player RealText Demuxer Subtitle File Handling Overflow |
49808 | VLC Media Player CUE Demuxer Image File Handling Overflow A remote overflow exists in VideoLAN VLC Media Player. The media player fails to properly bounds check CUE Demuxer images resulting in a stack overflow. With a specially crafted image, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt RuleID : 15241 - Revision : 15 - Type : FILE-MULTIMEDIA |
2014-01-10 | VideoLAN VLC Media Player RealText buffer overflow attempt RuleID : 15166 - Revision : 13 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1819.nasl - Type : ACT_GATHER_INFO |
2008-12-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-24.nasl - Type : ACT_GATHER_INFO |
2008-12-09 | Name : The remote Windows host contains an application that is affected by an intege... File : vlc_0_9_8a.nasl - Type : ACT_GATHER_INFO |
2008-12-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_acf80afac3ef11dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-11-10 | Name : The remote Windows host contains an application that is affected by multiple ... File : vlc_0_9_6.nasl - Type : ACT_GATHER_INFO |
2008-11-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4b09378eaddb11dda5780030843d3802.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:36:13 |