2014-11-07 14:52:23 |
JB VideoLAN |
bug |
|
|
added bug |
2014-11-07 14:53:50 |
JB VideoLAN |
information type |
Private Security |
Public Security |
|
2014-11-07 14:55:12 |
JB VideoLAN |
description |
Since VLC 2.2.0pre4, we've fixed a lot of heap overflows and heap buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know of any exploits, but the number is quite high, enough to be worrying.
Since you package -pre2 in Utopic, you should also care about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads |
Since VLC 2.2.0pre4, we've fixed a lot of heap overflows and heap buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know of any exploits, but the number is quite high, enough to be worrying.
Since you package -pre2 in Utopic, you should also care about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads
Please note that there are no new features whatsoever in VLC since the -pre2 version, but only bug fixes. |
|
2014-11-07 14:56:55 |
JB VideoLAN |
description |
Since VLC 2.2.0pre4, we've fixed a lot of heap overflows and heap buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know of any exploits, but the number is quite high, enough to be worrying.
Since you package -pre2 in Utopic, you should also care about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads
Please note that there are no new features whatsoever in VLC since the -pre2 version, but only bug fixes. |
Since VLC 2.2.0pre4, we've fixed a lot of heap overflows and heap buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know of any exploits, or even if they are exploitable, but the number is high enough to be worrying.
Since you package -pre2 in Utopic, you should also care about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
access: dvdread: fix int overflow (cid #1062572)
addons: fix deference before null check (cid #1231840)
demux: mp4: fix integer overflow (fix #12074)
packetizer: dirac: block sanitizing must clean reordering (fix #12051)
demux: avi:fix block reading
demux: mp4: fix heap buffer overflow (fix #12266)
demux: ogg: Don't read skeleton if no bones first
demux: ogg: don't use incomplete vorbis headers (fix #12270)
demux: ogg: fix headers validation
demux: mp4: fix heap read overflow in avcc (fix #12267)
demux: ogg: fix packet count heap overflow (fix #12265)
demux: mp4: don't read at all if not content
demux: mp4: fix heap overflow (fix #12283)
demux: mp4: don't trust atom type processing stsd (fix #12285)
demux: mp4: fix heap overflow reading esds
demux: mp4: fix heap read overflow in vide handler
demux: mp4: fix overflow in cprt language decoding
input: stream_memory: handle skip reads
Please note that there are no new features whatsoever in VLC since the -pre2 version, but only bug fixes. |
|
2014-11-07 14:57:55 |
JB VideoLAN |
information type |
Public Security |
Private Security |
|
2014-11-07 14:57:57 |
JB VideoLAN |
information type |
Private Security |
Public Security |
|
2014-11-16 08:52:54 |
Launchpad Janitor |
vlc (Ubuntu): status |
New |
Confirmed |
|
2014-11-16 08:53:13 |
Uwe L. Korn |
bug |
|
|
added subscriber Uwe L. Korn |
2015-02-28 12:27:58 |
Nicolas DERIVE |
bug |
|
|
added subscriber Nicolas DERIVE |
2015-03-26 13:40:37 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Vivid |
|
2015-03-26 13:40:37 |
Marc Deslauriers |
bug task added |
|
vlc (Ubuntu Vivid) |
|
2015-03-26 13:40:37 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Utopic |
|
2015-03-26 13:40:37 |
Marc Deslauriers |
bug task added |
|
vlc (Ubuntu Utopic) |
|
2015-03-26 13:40:45 |
Marc Deslauriers |
vlc (Ubuntu Vivid): status |
Confirmed |
Fix Committed |
|
2015-03-26 13:40:48 |
Marc Deslauriers |
vlc (Ubuntu Utopic): status |
New |
In Progress |
|
2015-03-26 13:40:50 |
Marc Deslauriers |
vlc (Ubuntu Utopic): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2015-03-26 13:40:52 |
Marc Deslauriers |
vlc (Ubuntu Vivid): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2015-03-26 14:43:31 |
Marc Deslauriers |
vlc (Ubuntu Utopic): status |
In Progress |
Fix Released |
|
2015-03-27 13:44:20 |
Marc Deslauriers |
vlc (Ubuntu Vivid): status |
Fix Committed |
Fix Released |
|
2015-08-29 13:12:12 |
Roger |
affects |
vlc (Ubuntu Vivid) |
npapi-vlc (Ubuntu Vivid) |
|
2015-08-29 15:02:35 |
Marc Deslauriers |
affects |
npapi-vlc (Ubuntu) |
vlc (Ubuntu) |
|