Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 30 Nov 2008 00:12:44 +0300 (MSK)
From:      Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To:        FreeBSD-gnats-submit@freebsd.org
Cc:        freebsd-vuxml@freebsd.org
Subject:   [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
Message-ID:  <20081129211244.505D817115@amnesiac.at.no.dns>

next in thread | raw e-mail | index | archive | help

>Submitter-Id:	current-users
>Originator:	Eygene Ryabinkin
>Organization:	Code Labs
>Confidential:	no 
>Synopsis:	[vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
>Severity:	non-critical
>Priority:	medium
>Category:	ports
>Class:		sw-bug
>Release:	FreeBSD 7.1-PRERELEASE amd64
>Environment:

System: FreeBSD 7.1-PRERELEASE amd64

>Description:

Multiple overflows were discovered in the TiVo demuxer within the
VLC player.

>How-To-Repeat:

Look at http://www.openwall.com/lists/oss-security/2008/10/22/2

>Fix:

The following VuXML entry should be evaluated and added:
--- vuln.xml begins here ---
  <vuln vid="">
    <topic>vlc-devel -- multiple overflows in the TiVo demux plugin</topic>
    <affects>
      <package>
	<name>vlc-devel</name>
	<range><ge>0.9.0.20080223</ge><lt>0.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">;
	<p>Tobias Klein from TrapKit notifies:</p>
	<blockquote cite="http://www.trapkit.de/advisories/TKADV2008-010.txt">;
	  <p>The VLC media player contains a stack overflow
	  vulnerability while parsing malformed TiVo ty media files.
	  The vulnerability can be trivially exploited by a (remote)
	  attacker to execute arbitrary code in the context of VLC
	  media player.</p>
	</blockquote>
	<p>Entry for CVE-2008-4686 says:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4686">;
	  <p>Multiple integer overflows in ty.c in the TY demux
	  plugin (aka the TiVo demuxer) in VideoLAN VLC media player,
	  probably 0.9.4, allow remote attackers to have an unknown
	  impact via a crafted .ty file, a different vulnerability
	  than CVE-2008-4654.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.trapkit.de/advisories/TKADV2008-010.txt</url>;
      <cvename>CVE-2008-4654</cvename>
      <bid>31813</bid>
      <cvename>CVE-2008-4686</cvename>
    </references>
    <dates>
      <discovery>2008-10-18</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

I had traced the vulnerable code down to the 0.9.0.20080223: older
snapshots have no such code as referenced in the commits
  http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/ty.c;h=f7d42bc4f8edc9890fec96a4933100f114f1258d;hp=231fddabf8a53136040e7e3f5d0202d0539c8a93;hb=fde9e1cc1fe1ec9635169fa071e42b3aa6436033;hpb=b63538354a6a49ae5a878edd37221480cb7850f5
  http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20081129211244.505D817115>