Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Aug 2015 16:52:53 +0200
From: Alessandro Ghedini <>
To: Andrea Barisani <>
Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference

On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote:
> #2015-009 VLC arbitrary pointer dereference
> Description:
> The VLC media player is an open source media player and streaming media
> server.
> The stable VLC version suffers from an arbitrary pointer dereference
> vulnerability.
> The vulnerability affects the 3GP file format parser, insufficient
> restrictions on a writable buffer can be exploited to execute arbitrary code
> via the heap memory. A specific 3GP file can be crafted to trigger the
> vulnerability.

So, is there a reproducer for this issue that you can share?


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ