Date: Wed, 30 Mar 2016 12:24:12 -0700 From: Seth Arnold <seth.arnold@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Re: CVE request: Heap overflow in VLC 2.1.6 processing wav files On Wed, Mar 30, 2016 at 03:24:54PM -0300, Gustavo Grieco wrote: > For some reason, the attached test case did not go to the mailing list. > Let's try again.. > > 2016-03-30 14:43 GMT-03:00 Gustavo Grieco <gustavo.grieco@...il.com>: > > > Hi, > > > > We found a buffer overflow in the parsing and processing of wav files in > > VLC (version 2.1.6-0). It was tested in Ubuntu 14.04 (x86_64), but it will > > probably affects other versions as well. Fortunately, it seems to be fixed > > in the last release of VLC. Here you can see the gdb stack trace: It didn't come through the second try either; it's attached to the bug report at: https://bugs.launchpad.net/ubuntu/+source/vlc/+bug/1533633 Thanks Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.