VLC Arbitrary memory overwrite in the MP4 demuxer

Bug #195949 reported by Emanuele Gentili
Affects        Status         Importance   Assigned to         Milestone
vlc (Ubuntu)   Fix Released   Medium       Mario Limonciello
Dapper         Fix Released   Medium       Emanuele Gentili
Edgy           Fix Released   Medium       Emanuele Gentili
Feisty         Fix Released   Medium       Emanuele Gentili
Gutsy          Fix Released   Medium       Emanuele Gentili
Hardy          Fix Released   Medium       Mario Limonciello

Bug Description

Binary package hint: vlc

VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers from an arbitrary memory overwrite vulnerability when using specially crafted (invalid) MP4 input files.

If successful, a malicious third party could trigger execution of arbitrary code within the context of the VLC media player, or otherwise crash the player instance.

Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
status: New → In Progress
Emanuele Gentili (emgent) wrote :

Added ubuntu-universe-sponsor to upload this fix in hardy.

Now working on gutsy.

Emanuele Gentili (emgent) wrote :

Corrected version in hardy.

Michael Bienia (geser) wrote :

Did you check it builds correctly in hardy? vlc needs adjustments to build with xulrunner-1.9 in hardy. And one could also fix bug 194907 while working on it.

Mario Limonciello (superm1) wrote :

I'll take care of making it work with xulrunner-1.9

Changed in vlc:
assignee: emgent → superm1
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.d-0ubuntu4

---------------
vlc (0.8.6.release.d-0ubuntu4) hardy; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE:
    - debian/patches/021_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer) suffers
       from an arbitrary memory overwrite vulnerability when using crash the player
       instance.

  * References
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

  [ Mario Limonciello ]
  * debian/control:
    - Build debian on libxul-dev instead of firefox-dev
  * debian/rules:
    - Use xulrunner-config rather than firefox-config (LP: #194907)

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 00:33:06 +0100

Changed in vlc:
status: In Progress → Fix Released
Changed in vlc:
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
assignee: nobody → emgent
importance: Undecided → Medium
Changed in vlc:
status: New → In Progress
status: New → In Progress
status: New → In Progress
status: New → In Progress
Jamie Strandboge (jdstrand) wrote :

Uploaded with minor changes to the changelog.

Changed in vlc:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.1

---------------
vlc (0.8.6.release.c-0ubuntu5.1) gutsy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 01:28:37 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 0.8.6.release-0ubuntu4.1

---------------
vlc (0.8.6.release-0ubuntu4.1) feisty-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/031_CVE-2008-0984.diff (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 02:48:48 +0100

Changed in vlc:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

vlc (0.8.4.debian-1ubuntu6.2) dapper-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.dpatch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Wed, 27 Feb 2008 03:09:28 +0100

Changed in vlc:
status: Fix Committed → Fix Released
Jamie Strandboge (jdstrand) wrote :

vlc (0.8.6-svn20061012.debian-1ubuntu1.2) edgy-security; urgency=low

  * SECURITY UPDATE:
    - debian/patches/CVE-2008-0984.patch (LP: #195949)
     + VLC media player's MPEG-4 file format parser (a.k.a. the MP4 demuxer)
       suffers from an arbitrary memory overwrite vulnerability when using
       crash the player instance.

  * References
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0984
    - http://www.videolan.org/security/sa0802.html

 -- Emanuele Gentili <email address hidden> Tue, 11 Mar 2008 20:25:38 +0100

Changed in vlc:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.