Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Aug 2015 17:27:57 -0400
From: Loren <loren@...ilofbits.com>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference

POC for oCERT#2015-009 VLC arbitrary pointer dereference

Running VLC v2.2.1 with sample_crash causes a segmentation fault on 0xccddeeff, an address read in from 0x1b6e6 in the sample_crash file. After this address is freed, vlc then attempts to free the next four bytes in the file, 0x1122331e. 

This data can be changed in the sample_crash file to free two arbitrary addresses. 

sample_crash : http://s000.tinyupload.com/?file_id=94915905821495818830 <http://s000.tinyupload.com/index.php?file_id=94915905821495818830> 

-Loren Maggiore
Content of type "text/html" skipped

Download attachment "smime.p7s" of type "application/pkcs7-signature" (3869 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ