Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1443

The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.

Related bugs and status

CVE-2010-1443 (Candidate) is related to these bugs:

Bug #568859: vlc 1.0.6 fixes security issues

		In	Importance	Status
568859	vlc 1.0.6 fixes security issues	vlc (Ubuntu)	Undecided	Fix Released
568859	vlc 1.0.6 fixes security issues	vlc (Debian)	Unknown	Fix Released
568859	vlc 1.0.6 fixes security issues	VLC media player	Undecided	Fix Released
568859	vlc 1.0.6 fixes security issues	Hardy Backports	Undecided	Invalid
568859	vlc 1.0.6 fixes security issues	Jaunty Jackalope Backports	Undecided	Invalid
568859	vlc 1.0.6 fixes security issues	Karmic Backports	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2010042...
CONFIRM: http://git.videolan.or...
CONFIRM: http://www.videolan.or...