Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 1543-1 (vlc)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to vlc announced via advisory DSA 1543-1.
Insight
Insight
Luigi Auriemma, Alin Rad Pop, Rémi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc. The Common Vulnerabilities and Exposures project identifies the following eight problems: CVE-2007-6681 A buffer overflow vulnerability in subtitle handling allows an attacker to execute arbitrary code through the opening of a maliciously crafted MicroDVD, SSA or Vplayer file. CVE-2007-6682 A format string vulnerability in the HTTP-based remote control facility of the vlc application allows a remote, unauthenticated attacker to execute arbitrary code. CVE-2007-6683 Insecure argument validation allows a remote attacker to overwrite arbitrary files writable by the user running vlc, if a maliciously crafted M3U playlist or MP3 audio file is opened. CVE-2008-0295, CVE-2008-0296 Heap buffer overflows in RTSP stream and session description protocol (SDP) handling allow an attacker to execute arbitrary code if a maliciously-crafted RTSP stream is played. CVE-2008-0073 Insufficient integer bounds checking in SDP handling allows the execution of arbitrary code through a maliciously crafted SDP stream ID parameter in an RTSP stream. CVE-2008-0984 Insufficient integrity checking in the MP4 demuxer allows a remote attacker to overwrite arbitrary memory and execute arbitrary code if a maliciously-crafted MP4 file is opened. CVE-2008-1489 An integer overflow vulnerability in MP4 handling allows a remote attacker to cause a heap buffer overflow, inducing a crash and possibly the execution of arbitrary code if a maliciously-crafted MP4 file is opened. For the stable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch2. For the unstable distribution (sid), these problems have been fixed in version 0.6.8.e-2. We recommend that you upgrade your vlc packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201543-1