vlc: RealMedia demuxer integer overflow
Bug #807486 reported by Rémi Denis-Courmont
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
VLC media player | Fix Released | Critical | Rémi Denis-Courmont |
vlc (Debian) | Fix Released | Unknown | |
vlc (Ubuntu) | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Undecided | Unassigned |
Natty | Fix Released | Undecided | Unassigned |
Bug Description
An integer overflow error when handling the "frame_size" and
"sub_packet_h" fields within the RealAudio data block (DemuxAudioSipr() in
modules/
heap-based buffer overflow.
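An added example of the bug class named in the description (not VLC's code and not the upstream fix): two file-controlled header fields multiplied into a buffer size, beside an overflow-checked form and a bounds-checked copy. The struct, the function names, the 32-bit field widths and the use of the product as an allocation size are assumptions; only the field names come from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Field names follow the bug description; their widths and the use of
 * their product as a buffer size are assumptions of this example. */
struct ra_hdr { uint32_t frame_size; uint32_t sub_packet_h; };

/* Unchecked form: the 32-bit product wraps modulo 2^32. */
static uint32_t unchecked_size(const struct ra_hdr *h)
{
    return h->frame_size * h->sub_packet_h;
}

/* Checked form: reject zero fields and any product above max. */
static int checked_size(const struct ra_hdr *h, size_t max, size_t *out)
{
    if (h->frame_size == 0 || h->sub_packet_h == 0)
        return -1;
    if (h->frame_size > max / h->sub_packet_h)
        return -1;
    *out = (size_t)h->frame_size * h->sub_packet_h;
    return 0;
}

/* Copy sub-packet `index` into the reassembly buffer, bounds-checked. */
static int store_subpacket(uint8_t *buf, size_t buf_len,
                           const struct ra_hdr *h, uint32_t index,
                           const uint8_t *src)
{
    if (index >= h->sub_packet_h)
        return -1;
    uint64_t off = (uint64_t)index * h->frame_size;
    if (off > buf_len || h->frame_size > buf_len - off)
        return -1;
    memcpy(buf + (size_t)off, src, h->frame_size);
    return 0;
}

int main(void)
{
    struct ra_hdr bad = { 0x10000u, 0x10000u };  /* constructed input */
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)unchecked_size(&bad));
    printf("checked: %d\n", checked_size(&bad, 1u << 20, &n));
    return 0;
}
```

With the constructed header the unchecked product wraps to a size far smaller than the data later copied, which is how an integer overflow turns into a heap overflow; the checked form rejects the header before any allocation.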
Changed in vlc: | |
assignee: | nobody → Rémi Denis-Courmont (rdenis) |
importance: | Undecided → Critical |
status: | New → Confirmed |
Changed in vlc (Ubuntu): | |
status: | New → Confirmed |
Changed in vlc: | |
milestone: | none → 1.1.11 |
tags: |
added: patch-accepted-upstream removed: patch-forwarded-upstream |
visibility: | private → public |
Changed in vlc: | |
status: | Fix Committed → Won't Fix |
status: | Won't Fix → Fix Released |
summary: |
- vlc: CVE-2011-2587 RealMedia demuxer integer overflow
+ vlc: RealMedia demuxer integer overflow |
Changed in vlc (Debian): | |
status: | Unknown → Fix Released |
This bug was fixed in the package vlc - 1.1.11-1ubuntu1
---------------
vlc (1.1.11-1ubuntu1) oneiric; urgency=low
* Merge from Debian unstable, remaining changes:
- build and install the libx264 plugin
vlc (1.1.11-1) unstable; urgency=high
* New upstream release.
- Fix heap overflow in RealMedia plugin (Closes: #633674, LP: #807486)
- Fix heap overflow in AVI plugin (Closes: #633675, LP: #807488)
* Call dh_autoreconf with --as-needed and drop 052_as-needed.patch.
* Drop backported patches.
* Drop libschroedinger weaken patch (upstream weakened it to 1.0.6).
* Refresh remaining patches.
-- Benjamin Drung <email address hidden> Mon, 18 Jul 2011 11:40:18 +0200