CVE-2008-2147 & CVE-2008-2430

Bug #253779 reported by Sebastian Kemper
This bug report is a duplicate of: Bug #238873: vlc in Hardy needs a security update.
Affects: vlc (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Binary package hint: vlc

Hi all,

just came in the mail (link to Gentoo's announcement)
http://archives.gentoo.org/gentoo-announce/msg_42258c06a5ca7eef66b6b5f7a9c5c4c3.xml

Description
===========

* Remi Denis-Courmont reported that VLC loads plugins from the
    current working directory in an unsafe manner (CVE-2008-2147).

* Alin Rad Pop (Secunia Research) reported an integer overflow error
    in the Open() function in the file modules/demux/wav.c
    (CVE-2008-2430).

Impact
======

A remote attacker could entice a user to open a specially crafted .wav
file, and a local attacker could entice a user to run VLC from a
directory containing specially crafted modules, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

There is no known workaround at this time.

This report contains Public Security information  
Everyone can see this security related information.
