heap overflow in CDG decoder and XML heap corruption
Bug #707154 reported by
Benjamin Drung
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vlc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
Maverick |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: vlc
There are two security bugs:
* heap overflows in CDG decoder
* heap corruption in some XML based subtitles decoder
CVE References
security vulnerability: | no → yes |
To post a comment you must log in.
Here are the debdiffs for maverick-security (vlc_1. 1.4-1ubuntu1. 3) and lucid-security (vlc_1. 0.6-1ubuntu1. 4). Both build on amd64. The security issue will be closed in natty with the upstream release 1.1.6, which will land in natty soon.