oval:org.mitre.oval:def:8254

Definition Id: oval:org.mitre.oval:def:8254
 
Oval ID: oval:org.mitre.oval:def:8254
Title: DSA-1819 vlc -- several vulnerabilities
Description: Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pinar Yanarda discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.
Family: unix Class: patch
Reference(s): DSA-1819
CVE-2008-1768
CVE-2008-1769
CVE-2008-1881
CVE-2008-2147
CVE-2008-2430
CVE-2008-3794
CVE-2008-4686
CVE-2008-5032
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): vlc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
Version: 9
Platform(s): Debian GNU/Linux 4.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:8254