To: FreeBSD-gnats-submit@freebsd.org
From: Eygene Ryabinkin
Cc: freebsd-vuxml@freebsd.org
Subject: [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
Date: Sun, 30 Nov 2008 00:12:44 +0300 (MSK)
Message-Id: <20081129211244.505D817115@amnesiac.at.no.dns>
X-GNATS-Notify: jsa@wickedmachine.net

>Submitter-Id: current-users
>Originator: Eygene Ryabinkin
>Organization: Code Labs
>Confidential: no
>Synopsis: [vuxml] multimedia/vlc-devel: document CVE-2008-4654 and CVE-2008-4686
>Severity: non-critical
>Priority: medium
>Category: ports
>Class: sw-bug
>Release: FreeBSD 7.1-PRERELEASE amd64
>Environment:
System: FreeBSD 7.1-PRERELEASE amd64
>Description:
Multiple overflows were discovered in the TiVo demuxer within the VLC player.
>How-To-Repeat:
Look at http://www.openwall.com/lists/oss-security/2008/10/22/2
>Fix:
The following VuXML entry should be evaluated and added:

--- vuln.xml begins here ---
vlc-devel -- multiple overflows in the TiVo demux plugin
vlc-devel 0.9.0.20080223 0.9.5

Tobias Klein from TrapKit notifies:

The VLC media player contains a stack overflow vulnerability while parsing malformed TiVo ty media files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.

Entry for CVE-2008-4686 says:

Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, allow remote attackers to have an unknown impact via a crafted .ty file, a different vulnerability than CVE-2008-4654.

http://www.trapkit.de/advisories/TKADV2008-010.txt
CVE-2008-4654
31813
CVE-2008-4686
2008-10-18
TODAY
--- vuln.xml ends here ---

I had traced the vulnerable code down to the 0.9.0.20080223: older snapshots have no such code as referenced in the commits

http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/ty.c;h=f7d42bc4f8edc9890fec96a4933100f114f1258d;hp=231fddabf8a53136040e7e3f5d0202d0539c8a93;hb=fde9e1cc1fe1ec9635169fa071e42b3aa6436033;hpb=b63538354a6a49ae5a878edd37221480cb7850f5
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3