Date: Thu, 20 Aug 2015 16:52:53 +0200 From: Alessandro Ghedini <alessandro@...dini.me> To: Andrea Barisani <lcars@...rt.org> Cc: oss-security@...ts.openwall.com Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote: > > #2015-009 VLC arbitrary pointer dereference > > Description: > > The VLC media player is an open source media player and streaming media > server. > > The stable VLC version suffers from an arbitrary pointer dereference > vulnerability. > > The vulnerability affects the 3GP file format parser, insufficient > restrictions on a writable buffer can be exploited to execute arbitrary code > via the heap memory. A specific 3GP file can be crafted to trigger the > vulnerability. So, is there a reproducer for this issue that you can share? Thanks Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ