Date: Thu, 20 Aug 2015 17:27:57 -0400 From: Loren <loren@...ilofbits.com> To: oss-security@...ts.openwall.com Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference POC for oCERT#2015-009 VLC arbitrary pointer dereference Running VLC v2.2.1 with sample_crash causes a segmentation fault on 0xccddeeff, an address read in from 0x1b6e6 in the sample_crash file. After this address is freed, vlc then attempts to free the next four bytes in the file, 0x1122331e. This data can be changed in the sample_crash file to free two arbitrary addresses. sample_crash : http://s000.tinyupload.com/?file_id=94915905821495818830 <http://s000.tinyupload.com/index.php?file_id=94915905821495818830> -Loren Maggiore Content of type "text/html" skipped Download attachment "smime.p7s" of type "application/pkcs7-signature" (3869 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ