URL format string injection in CDDA and VCDX plugins

Bug #78610 reported by Xtophe
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| vlc (Debian) | Fix Released | Unknown | | |
| vlc (Ubuntu) | Fix Released | High | Daniel T Chen | |
| Breezy | Invalid | Undecided | Unassigned | |
| Dapper | Fix Released | Undecided | Unassigned | |
| Edgy | Fix Released | Undecided | magilus | |
| Feisty | Fix Released | High | Daniel T Chen | |

Bug Description

Binary package hint: vlc

This is a security problem.
The VLC media player CDDA (CD Digital Audio) and VCDX (Video CD) plugins are prone to a C-style format string vulnerability when trying to open a media resource location. The bug occurs when handling error and debug messages from the underlying library libcdio.

Because the VCDX plugin probes every media resource location unless another plugin successfully opened the resource, almost any invalid location can trigger the bug.

See http://www.videolan.org/sa0701.html for further information and patch.
It is referenced under CVE-2007-0017, VideoLAN-SA-0701, MOAB-02-01-2007

Tags: patch security
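
The pattern described in the report, as an added example that is not VLC's or libcdio's code: a log handler that passes library-produced text as the format string of a printf-style logger, beside the form that passes it as data. The names `log_msg`, `handler_vulnerable`, `handler_fixed` and the sample message are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for the player's logging
 * call; it keeps the last formatted line so the result can be inspected. */
static char last_log[256];

void log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: text produced by the library, which can embed the
 * user-supplied location, is used as the format string itself. Any
 * conversion in it makes the formatter fetch arguments never passed. */
const char *handler_vulnerable(const char *library_message)
{
    log_msg(library_message);
    return last_log;
}

/* Hardened pattern: constant format, untrusted text passed as data. */
const char *handler_fixed(const char *library_message)
{
    log_msg("%s", library_message);
    return last_log;
}

/* Constructed sample message. "%%" is the only directive used because it
 * consumes no argument, so the vulnerable call stays well defined here. */
const char SAMPLE[] = "could not open vcdx://disc%%1";

int main(void)
{
    /* The vulnerable handler alters the text, showing it was parsed. */
    printf("vulnerable: %s\n", handler_vulnerable(SAMPLE));
    /* The fixed handler logs the text byte for byte. */
    printf("fixed:      %s\n", handler_fixed(SAMPLE));
    return 0;
}
```

Declaring such a logger with GCC's or Clang's `format(printf, ...)` function attribute lets `-Wformat -Wformat-security` flag the call in `handler_vulnerable` at compile time.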

Xtophe (xtophe) wrote :

I forgot to say it affects VLC versions 0.7.0 to 0.8.6. So all versions in Ubuntu are concerned.

Changed in vlc:
status: Unknown → Fix Released
magilus (magilus)
Changed in vlc:
assignee: nobody → pirast
status: Unconfirmed → Confirmed
Daniel T Chen (crimsun) wrote :

Sit tight, I'm on this.

Changed in vlc:
status: Confirmed → In Progress
importance: Undecided → High
magilus (magilus)
Changed in vlc:
assignee: nobody → pirast
status: Unconfirmed → In Progress
assignee: pirast → crimsun
magilus (magilus)
Changed in vlc:
assignee: nobody → pirast
status: Unconfirmed → In Progress
magilus (magilus)
Changed in vlc:
status: In Progress → Fix Committed
Kees Cook (kees) wrote :

Edgy has been published, it should be visible in the archives shortly.

Changed in vlc:
status: Fix Committed → Fix Released
Matti Lindell (mlind) wrote :

Hopefully the hole is plugged soon in feisty too, crimsun any news?

magilus (magilus)
Changed in vlc:
assignee: pirast → nobody
status: In Progress → Confirmed
Matti Lindell (mlind) wrote :

 vlc (0.8.6.release-0ubuntu2) feisty; urgency=low
 .
   * debian/control:
     - Adhere to DebianMaintainerField,
     - Build against libwxgtk2.8-dev, Closes:
       LP: #54548
       LP: #84098
   * debian/patches: Add 030_CVE-2007-0017.diff to quilt's series
     - Reference: CVE-2007-0017

Changed in vlc:
status: In Progress → Fix Released
Marco Rodrigues (gothicx) wrote :

Breezy support is over. Today it's Breezy End Of Life!

Changed in vlc:
status: Unconfirmed → Rejected
William Grant (wgrant) wrote :

Seems that the Dapper update got caught in a queue somewhere:

--
vlc (0.8.4.debian-1ubuntu6.1) dapper-security; urgency=low

  * Fix format string vulnerability with patch taken from Debian BTS
    MOAB-02-01-2007-CVE-2007-0017.dpatch, CVE-2007-0017. Closes Malone: #78610

 -- Martin Juergens <email address hidden> Sat, 27 Jan 2007 18:39:58 +0100

Changed in vlc:
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
