oval:org.mitre.oval:def:13455
Definition Id: oval:org.mitre.oval:def:13455 | |||
Oval ID: | oval:org.mitre.oval:def:13455 | ||
Title: | DSA-1819-1 vlc -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. CVE-2008-3794 Pınar YanardaÄ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. For the oldstable distribution, these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution, these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release. For the testing distribution and the unstable distribution, these problems have been fixed in version 0.8.6.h-5. We recommend that you upgrade your vlc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1819-1 CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | vlc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13455 |