Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 30 Mar 2016 12:24:12 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: Heap overflow in VLC 2.1.6
 processing wav files

On Wed, Mar 30, 2016 at 03:24:54PM -0300, Gustavo Grieco wrote:
> For some reason, the attached test case did not go to the mailing list.
> Let's try again..
> 
> 2016-03-30 14:43 GMT-03:00 Gustavo Grieco <gustavo.grieco@...il.com>:
> 
> > Hi,
> >
> > We found a buffer overflow in the parsing and processing of wav files in
> > VLC (version 2.1.6-0). It was tested in Ubuntu 14.04 (x86_64), but it will
> > probably affects other versions as well. Fortunately, it seems to be fixed
> > in the last release of VLC. Here you can see the gdb stack trace:

It didn't come through the second try either; it's attached to the bug
report at:
https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.