VLC Arbitrary memory overwrite in the MP4 demuxer

Bug #195949 reported by Emanuele Gentili on 2008-02-26
258
Affects Status Importance Assigned to Milestone
vlc (Ubuntu)
Medium
Mario Limonciello
Dapper
Medium
Emanuele Gentili
Edgy
Medium
Emanuele Gentili
Feisty
Medium
Emanuele Gentili
Gutsy
Medium
Emanuele Gentili
Hardy
Medium
Mario Limonciello

Bug Description

Binary package hint: vlc

VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers from an arbitrary memory overwrite vulnerability when using specially crafted (invalid) MP4 input files.

If successful, a malicious third party could trigger execution of arbitrary code within the context of the VLC media player, or otherwise crash the player instance.

Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
status: New → In Progress
Emanuele Gentili (emgent) wrote :

added ubuntu-universe-sponsor for upload this fix in hardy.

now working to gutsy.

Emanuele Gentili (emgent) wrote :

corrected version in hardy.

Michael Bienia (geser) wrote :

Did you check it builds correctly in hardy? vlc needs adjustments to build with xulrunner-1.9 in hardy. And one could also fix bug 194907 while working on it.

Mario Limonciello (superm1) wrote :

I'll take care of making it work with xulrunner-1.9

Changed in vlc:
assignee: emgent → superm1
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.d-0ubuntu4

---------------
vlc (0.8.6.release.d-0ubuntu4) hardy; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    - debian/patches/021_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers
       from an arbitrary memory overwrite vulnerability when using crash the player
       instance.

  * References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

  [ Mario Limonciello ]
  * debian/control:
    - Build debian on libxul-dev instead of firefox-dev
  * debian/rules:
    - Use xulrunner-config rather than firefox-config (LP: #194907)

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 00:33:06 +0100

Changed in vlc:
status: In Progress → Fix Released
Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
Changed in vlc:
status: New → In Progress
status: New → In Progress
status: New → In Progress
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

Uploaded with minor changes to the changelog.

Changed in vlc:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.1

---------------
vlc (0.8.6.release.c-0ubuntu5.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 01:28:37 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release-0ubuntu4.1

---------------
vlc (0.8.6.release-0ubuntu4.1) feisty-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 02:48:48 +0100

Changed in vlc:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

vlc (0.8.4.debian-1ubuntu6.2) dapper-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.dpatch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 03:09:28 +0100

Changed in vlc:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

vlc (0.8.6-svn20061012.debian-1ubuntu1.2) edgy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.patch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 20:25:38 +0100

Changed in vlc:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers