VLC Media Player Update

By Roger on February 28, 2008 8:27 PM | | Comments (0) | TrackBacks (0)

VLC Media Player 0.8.6e is available to release multiple security vulnerabilities.

Security Advisory 0801
Summary : Format string vulnerability in the Web interface
Stack-based buffer overflow in the Subtitles demuxer
String buffer overflows in the Real RTSP demuxer
CVE references : CVE-2007-6681, CVE-2007-6682, CVE-2008-0295, CVE-2008-0296

Security Advisory 0802
Summary : Arbitrary memory overwrite in the MP4 demuxer
CVE reference : CVE-2008-0984

Security Advisory 0803
Summary : Arbitrary file overwrite and other abuses
through M3U parser and browsers plugins
CVE reference :

I've seen VLC showing up in the vulnerability scans more at work. People install it because it supports a wide variety of multimedia formats. One more non-standard app to get patched.

Categories

General

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: VLC Media Player Update.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/690

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on February 28, 2008 8:27 PM.

Hard Disk Encryption - Not Dead Yet was the previous entry in this blog.

Fighting Back Against Identity Theft is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search