[CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e

Bug #207284 reported by William Grant
Affects              Status        Importance  Assigned to       Milestone
vlc (Gentoo Linux)   Fix Released  Medium
vlc (Ubuntu)         Fix Released  Undecided   Unassigned
  Dapper             Fix Released  Medium      Emanuele Gentili
  Edgy               Won't Fix     Medium      Emanuele Gentili
  Feisty             Fix Released  Medium      Emanuele Gentili
  Gutsy              Fix Released  Medium      Emanuele Gentili
  Hardy              Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: vlc

DESCRIPTION:
A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused by an integer overflow error within
"MP4_ReadBox_rdrf()" in modules/demux/mp4/libmp4.c and can be
exploited to cause a heap-based buffer overflow via e.g. an MP4 file
with a specially crafted RDRF atom.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 0.8.6e. Other versions may
also be affected.

SOLUTION:
Fixed in the GIT repository.
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
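
The report above names the mechanism but not the arithmetic: a 32-bit length read from the RDRF atom is incremented for a NUL terminator, and 0xFFFFFFFF + 1 wraps to 0, so the heap allocation ends up far smaller than the bytes copied into it. The following C block is an added example written for this page, not VLC's code or the linked patch; it assumes a simplified field layout (a 4-byte big-endian length followed by the string bytes) and the hypothetical names unchecked_alloc_size and read_ref_string.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Big-endian 32-bit read, the byte order MP4 box fields use. */
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The arithmetic behind this bug class: a 32-bit length from the file gets 1
 * added for a NUL terminator; for 0xFFFFFFFF that wraps to a 0-byte heap
 * allocation, far smaller than the copy that follows. */
uint32_t unchecked_alloc_size(uint32_t i_len)
{
    return i_len + 1; /* 0 for i_len == 0xFFFFFFFF */
}

/* Hardened reader for a length-prefixed reference string (hypothetical name).
 * `field` points at the 4-byte length, `remaining` is how many bytes of the
 * enclosing box are really left. Returns a NUL-terminated copy or NULL. */
char *read_ref_string(const uint8_t *field, size_t remaining)
{
    if (remaining < 4)
        return NULL; /* no room for the length field itself */
    uint32_t i_len = get_be32(field);
    remaining -= 4;
    /* One comparison against the bytes actually present rejects both a
     * length overrunning the box and the value that would wrap i_len + 1. */
    if (i_len > remaining)
        return NULL;
    char *out = malloc((size_t)i_len + 1); /* size_t arithmetic, no wrap */
    if (out == NULL)
        return NULL;
    memcpy(out, field + 4, i_len);
    out[i_len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed input: a field declaring 0xFFFFFFFF bytes with 3 present. */
    const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 'x', 'y', 'z'};
    char *s = read_ref_string(bad, sizeof bad);
    printf("naive: %u, hardened: %s\n", unchecked_alloc_size(0xFFFFFFFFu), s ? s : "rejected");
    free(s);
    return 0;
}
```

The same comparison against the bytes actually present also catches a length that is merely larger than the box, so a truncated file is rejected rather than read past its end.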

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2

---------------
vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2) hardy; urgency=low

  * Add 031_CVE_2008_1489.diff from git head
    to fix CVE-2008-1489. (LP: #207284)

 -- Mario Limonciello <email address hidden> Thu, 27 Mar 2008 21:55:17 -0500

Changed in vlc:
status: New → Fix Released
William Grant (wgrant)
Changed in vlc:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Emanuele Gentili (emgent) wrote :
Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
status: Confirmed → In Progress
assignee: nobody → emgent
importance: Undecided → Medium
Emanuele Gentili (emgent) wrote :
Changed in vlc:
status: Confirmed → In Progress
Emanuele Gentili (emgent) wrote :
Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
status: Confirmed → In Progress
assignee: nobody → emgent
importance: Undecided → Medium
status: Confirmed → In Progress
Emanuele Gentili (emgent) wrote :
Changed in vlc:
status: Unknown → In Progress
Changed in vlc:
status: In Progress → Fix Released
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so an SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in vlc:
status: In Progress → Won't Fix
Changed in vlc:
status: In Progress → Fix Committed
status: Won't Fix → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Changed in vlc:
status: Fix Committed → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.2

---------------
vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

 -- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:33:08 +0200

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release-0ubuntu4.2

---------------
vlc (0.8.6.release-0ubuntu4.2) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

 -- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:58:30 +0200

Changed in vlc:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in vlc:
status: Fix Committed → Fix Released
Changed in vlc (Gentoo Linux):
importance: Unknown → Medium
This report contains Public Security information
Everyone can see this security related information.