Date: Thu, 20 Aug 2015 17:27:57 -0400
From: Loren <>
Subject: Re: [oCERT-2015-009] VLC arbitrary pointer dereference

POC for oCERT#2015-009 VLC arbitrary pointer dereference

Running VLC v2.2.1 with sample_crash causes a segmentation fault on 0xccddeeff, an address read in from 0x1b6e6 in the sample_crash file. After this address is freed, VLC then attempts to free the next four bytes in the file, 0x1122331e.

This data can be changed in the sample_crash file to free two arbitrary addresses. 

sample_crash : <> 

-Loren Maggiore