Launchpad.net

CVE 2007-6681

Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.

Related bugs and status

CVE-2007-6681 (Candidate) is related to these bugs:

Bug #214977: [vlc] [DSA-1543-1] several vulnerabilities

Summary				In	Importance	Status
	214977	[vlc] [DSA-1543-1] several vulnerabilities		vlc (Ubuntu)	Undecided	New

Bug #238873: vlc in Hardy needs a security update

		In	Importance	Status
238873	vlc in Hardy needs a security update	vlc (Ubuntu)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Dapper)	Undecided	Invalid
238873	vlc in Hardy needs a security update	vlc (Ubuntu Feisty)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Gutsy)	Undecided	Won't Fix
238873	vlc in Hardy needs a security update	vlc (Ubuntu Intrepid)	High	Fix Released
238873	vlc in Hardy needs a security update	vlc (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20071224 Buffer-overfl...
MLIST: [vlc-devel] 20070626 s...
MLIST: [vlc-devel] 20070630 v...
BID: 27015
GENTOO: GLSA-200803-13
SECUNIA: 29284
DEBIAN: DSA-1543
SECUNIA: 29766
SREASON: 3550
GENTOO: GLSA-200804-25
CONFIRM: http://wiki.videolan.o...
CONFIRM: http://www.videolan.or...
SECUNIA: 29800
OSVDB: 42207
MISC: http://aluigi.altervis...
SECUNIA: 28233
EXPLOIT-DB: 5667
OVAL: oval:org.mitre.oval:de...