Ubuntu
vlc package

[CVE-2008-1489] buffer overflow in MP4 demuxer in vlc 0.8.6e

Dapper (6.06)
Bug #207284

Bug #207284 reported by William Grant on 2008-03-26

270

	Status	Importance	Assigned to
vlc (Gentoo Linux)	Fix Released	Medium	gentoo-bugs #214627
vlc (Ubuntu)	Fix Released	Undecided	Unassigned
Dapper	Fix Released	Medium	Emanuele Gentili
Edgy	Won't Fix	Medium	Emanuele Gentili
Feisty	Fix Released	Medium	Emanuele Gentili
Gutsy	Fix Released	Medium	Emanuele Gentili
Hardy	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: vlc

DESCRIPTION:
A vulnerability has been reported in VLC Media Player, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an integer overflow error within
"MP4_ReadBox_rdrf()" in modules/demux/mp4/libmp4.c and can be
exploited to cause a heap-based buffer overflow via e.g. a MP4 file
with a specially crafted RDRF atom.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 0.8.6e. Other versions may
also be affected.

SOLUTION:
Fixed in the GIT repository.
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

Related branches

lp://staging/ubuntu/karmic/vlc

lp://staging/ubuntu/dapper-security/vlc

lp://staging/ubuntu/feisty-security/vlc

lp://staging/ubuntu/gutsy-security/vlc

CVE References

2008-1489

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-03-28:

This bug was fixed in the package vlc - 0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2

---------------
vlc (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu2) hardy; urgency=low

* Add 031_CVE_2008_1489.diff from git head
to fix CVE-2008-1489. (LP: #207284)

-- Mario Limonciello <email address hidden> Thu, 27 Mar 2008 21:55:17 -0500

Changed in vlc:
status:	New → Fix Released

William Grant (wgrant) on 2008-03-28

Changed in vlc:
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed
status:	New → Confirmed

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-01:

gutsy_security_vlc_0.8.6.release.c-0ubuntu5.2.debdiff Edit (2.1 KiB, text/plain)

Changed in vlc:
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	Confirmed → In Progress
assignee:	nobody → emgent
importance:	Undecided → Medium

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-01:

feisty_security_vlc_0.8.6.release-0ubuntu4.2.debdiff Edit (2.0 KiB, text/plain)

Changed in vlc:
status:	Confirmed → In Progress

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-01:

edgy_security_vlc_0.8.6-svn20061012.debian-1ubuntu1.3.debdiff Edit (2.2 KiB, text/plain)

Changed in vlc:
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	Confirmed → In Progress
assignee:	nobody → emgent
importance:	Undecided → Medium
status:	Confirmed → In Progress

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-01:

dapper_security_vlc_0.8.4.debian-1ubuntu6.3.debdiff Edit (2.2 KiB, text/plain)

Bug Watch Updater (bug-watch-updater) on 2008-04-09

Changed in vlc:
status:	Unknown → In Progress

Bug Watch Updater (bug-watch-updater) on 2008-04-24

Changed in vlc:
status:	In Progress → Fix Released

Revision history for this message

Hew (hew) wrote on 2008-07-24:

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in vlc:
status:	In Progress → Won't Fix

Jamie Strandboge (jdstrand) on 2008-09-29

Changed in vlc:
status:	In Progress → Fix Committed
status:	Won't Fix → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed

Jamie Strandboge (jdstrand) on 2008-09-30

Changed in vlc:
status:	Fix Committed → Won't Fix

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-09-30:

This bug was fixed in the package vlc - 0.8.6.release.c-0ubuntu5.2

---------------
vlc (0.8.6.release.c-0ubuntu5.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #207284)
   + debian/patches/031_CVE-2008-1489.diff
    - Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c allows
      remote attackers to cause a denial of service (crash) and possibly
      execute arbitrary code via a crafted MP4 RDRF box that triggers a
      heap-based buffer overflow.

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

-- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:33:08 +0200

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-09-30:

This bug was fixed in the package vlc - 0.8.6.release-0ubuntu4.2

---------------
vlc (0.8.6.release-0ubuntu4.2) feisty-security; urgency=low

  * References
   + http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1489
   + http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

-- Emanuele Gentili <email address hidden> Tue, 01 Apr 2008 02:58:30 +0200