<vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396

Bug #1020403 reported by Karma Dorje on 2012-07-03
This bug report is a duplicate of:  Bug #1025713: SRU request for VLC 2.0.2/2.0.3. Edit Remove
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gentoo Linux
Unknown
Medium
vlc (Debian)
Fix Released
Unknown
vlc (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

It includes the following security content:

Fixed Ogg Heap buffer overflow
ogg: Fix a heap buffer overflow.
Reported by: An anonymous contributor working with the SecuriTeam Secure
Disclosure
program (http://www.beyondsecurity.com/ssd.html)
(cherry picked from commit 6a41b030f5b7fcbe5ad7249c374172c0fdc29add)
http://git.videolan.org/gitweb.cgi/vlc/vlc-2.0.git/?a=commit;h=16e9e126333fb7acb47d363366fee3deadc8331e

Updated taglib (CVE-2012-2396)

CVE References

Not much more information besides vlc-2.0.2 NEWS file:
Security:
 * Fix Ogg Heap buffer overflow

and this commit:
http://git.videolan.org/gitweb.cgi/vlc/vlc-2.0.git/?a=commit;h=16e9e126333fb7acb47d363366fee3deadc8331e

2.0.2 should be safe to stabilise though.

In , J-ago (j-ago) wrote :

ok to proceed with stabilization?

Karma Dorje (taaroa) on 2012-07-03
summary: - vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396
+ <vlc-2.0.2: Ogg Heap buffer overflow & CVE-2012-2396
visibility: private → public
Changed in vlc (Debian):
status: Unknown → Fix Released
Micah Gersten (micahg) wrote :

2.0.2 is in quantal

Changed in vlc (Ubuntu):
status: New → Fix Released
Changed in gentoo:
importance: Unknown → Medium

CVE-2012-3377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3377):
  Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG
  demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2
  allows remote attackers to cause a denial of service (application crash) and
  possibly execute arbitrary code via a crafted OGG file.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.