Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 20 Aug 2015 16:52:53 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: Andrea Barisani <lcars@...rt.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference

On Thu, Aug 20, 2015 at 03:01:39pm +0200, Andrea Barisani wrote:
> 
> #2015-009 VLC arbitrary pointer dereference
> 
> Description:
> 
> The VLC media player is an open source media player and streaming media
> server.
> 
> The stable VLC version suffers from an arbitrary pointer dereference
> vulnerability.
> 
> The vulnerability affects the 3GP file format parser, insufficient
> restrictions on a writable buffer can be exploited to execute arbitrary code
> via the heap memory. A specific 3GP file can be crafted to trigger the
> vulnerability.

So, is there a reproducer for this issue that you can share?

Thanks

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ