Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2937

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.

Related bugs and status

CVE-2010-2937 (Candidate) is related to these bugs:

Bug #616510: Insufficient validation of ID3v2 tags

		In	Importance	Status
616510	Insufficient validation of ID3v2 tags	vlc (Ubuntu)	Undecided	Fix Released
616510	Insufficient validation of ID3v2 tags	VLC media player	High	Fix Released
616510	Insufficient validation of ID3v2 tags	vlc (Debian)	Unknown	Fix Released
616510	Insufficient validation of ID3v2 tags	vlc (Ubuntu Jaunty)	Undecided	Won't Fix
616510	Insufficient validation of ID3v2 tags	vlc (Ubuntu Karmic)	Undecided	Won't Fix
616510	Insufficient validation of ID3v2 tags	vlc (Ubuntu Lucid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.videolan.or...
CONFIRM: http://git.videolan.or...
CONFIRM: http://www.videolan.or...
BID: 42386
VUPEN: ADV-2010-2087
OVAL: oval:org.mitre.oval:de...