oval:org.mitre.oval:def:7830

Definition Id: oval:org.mitre.oval:def:7830

Oval ID:	oval:org.mitre.oval:def:7830
Title:	DSA-1543 vlc -- several vulnerabilities
Description:	Luigi Auriemma, Alin Rad Pop, Reacute mi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems: A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously crafted RTSP stream is played. Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously crafted MP4 file is opened. An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously crafted MP4 file is opened.
Family:	unix	Class:	patch
Reference(s):	DSA-1543 CVE-2007-6681 CVE-2007-6682 CVE-2007-6683 CVE-2008-0295 CVE-2008-0296 CVE-2008-0073 CVE-2008-0984 CVE-2008-1489	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	vlc
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section wxvlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-alsa is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-nox is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-arts is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND mozilla-plugin-vlc is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-ggi is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND libvlc0-dev is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-sdl is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-esd is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND libvlc0 is earlier than 0.8.6-svn20061012.debian-5.1+etch2 OR Architecture dependent section Installed architecture is i386 AND Packages section vlc-plugin-glide is earlier than 0.8.6-svn20061012.debian-5.1+etch2 AND vlc-plugin-svgalib is earlier than 0.8.6-svn20061012.debian-5.1+etch2

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:7830

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0302s

Facebook rss twitter linkedin mail