Date: Tue, 26 Aug 2008 10:39:58 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Nico Golde <oss-security+ml@...lde.de> cc: oss-security@...ts.openwall.com Subject: Re: CVE id request: vlc ====================================================== Name: CVE-2008-3794 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3794 Reference: MILW0RM:6293 Reference: URL:http://www.milw0rm.com/exploits/6293 Reference: MLIST:[oss-security] 20080824 Re: CVE id request: vlc Reference: URL:http://www.openwall.com/lists/oss-security/2008/08/24/3 Reference: MLIST:[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( Rémi Denis-Courmont ) Reference: URL:http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html Reference: MISC:http://www.orange-bat.com/adv/2008/adv.08.24.txt Reference: BID:30806 Reference: URL:http://www.securityfocus.com/bid/30806 Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a stack-based buffer overflow.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.