Launchpad CVE tracker

CVE 2010-3907

Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.

Related bugs and status

CVE-2010-3907 (Candidate) is related to these bugs:

Bug #448082: vlc crashed with SIGSEGV in QMetaObject::activate()

Summary				In	Importance	Status
	448082	vlc crashed with SIGSEGV in QMetaObject::activate()		vlc (Ubuntu)	Medium	Fix Released
	448082	vlc crashed with SIGSEGV in QMetaObject::activate()		VLC media player	Unknown	Fix Released

Bug #665298: Blue face (a.k.a smurf effect) issue with x11 output with 16bit color depth

Summary				In	Importance	Status
	665298	Blue face (a.k.a smurf effect) issue with x11 output with 16bit color depth		vlc (Ubuntu)	Low	Fix Released
	665298	Blue face (a.k.a smurf effect) issue with x11 output with 16bit color depth		VLC media player	Low	Fix Released

Bug #690173: Memory corruption in RealMedia parsing

		In	Importance	Status
690173	Memory corruption in RealMedia parsing	vlc (Ubuntu)	Undecided	Fix Released
690173	Memory corruption in RealMedia parsing	VLC media player	Critical	Fix Released
690173	Memory corruption in RealMedia parsing	vlc (Ubuntu Lucid)	Undecided	Fix Released
690173	Memory corruption in RealMedia parsing	vlc (Ubuntu Maverick)	Undecided	Fix Released

Bug #709315: [needs-update] VLC media player 1.1.7

Summary				In	Importance	Status
	709315	[needs-update] VLC media player 1.1.7		GetDeb Software Portal	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3907

References