diff options
| author | Martin Wilke <miwi@FreeBSD.org> | 2007-06-29 09:42:05 +0000 |
|---|---|---|
| committer | Martin Wilke <miwi@FreeBSD.org> | 2007-06-29 09:42:05 +0000 |
| commit | 08d66d63bcd52a20d59e23bc9d42d36f47ff7b0c (patch) | |
| tree | 39f5c8ce15813935c322e5316d7f504852e3daf7 | |
| parent | ab7355105b8a60a69eebcf7baf64e61932d7fa26 (diff) | |
| download | freebsd-ports-08d66d63bcd52a20d59e23bc9d42d36f47ff7b0c.zip | |
- Document vlc - format string vulnerability and integer overflow
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1d8b3d81aae0..e76a5557256c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7128fb45-2633-11dc-94da-0016179b2dd5"> + <topic>vlc -- format string vulnerability and integer overflow</topic> + <affects> + <package> + <name>vcl</name> + <range><lt>0.8.6c</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>isecpartners reports:</p> + <blockquote cite="http://www.isecpartners.com/advisories/2007-001-vlc.txt"> + <p>VLC is vulnerable to a format string attack in the parsing + of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA + data or SAP/SDP service discovery messages. Additionally, + there are two errors in the handling of wav files, one a + denial of service due to an uninitialized variable, and one + integer overflow in sampling frequency calculations.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.isecpartners.com/advisories/2007-001-vlc.txt</url> + </references> + <dates> + <discovery>2007-06-05</discovery> + <entry>2007-06-18</entry> + </dates> + </vuln> + <vuln vid="32d38cbb-2632-11dc-94da-0016179b2dd5"> <topic>flac123 -- stack overflow in comment parsing </topic> <affects> |