Date: Wed, 19 Jan 2011 17:52:35 -0500 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request: heap corruption in VLC media player >From upstream git : "This patch resolves two heap corruption vulnerabilities in the CDG decoder for VLC media player. In both cases, a failure to properly validate indexes into statically-sized arrays on the heap allows a maliciously crafted CDG video to corrupt the heap in a controlled manner, potentially leading to code execution." -Dan  http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.