Credit:
The information has been provided by David Thiel.
Vulnerable Systems:
* VLC media player 0.8.6b and earlier
VLC media player Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio) and SAP (Service Announce Protocol) plugins are prone to a C-style format string vulnerability when trying to parse a media data stream.
Valid but carefully crafted .ogg (Vorbis) or .ogm (Theora) files, CDDB entries or SAP/SDP messages can trigger the bug. We therefore consider this bug to have a high severity.
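The bug class described above, as an added C example that is not VLC's code and not part of the original advisory: metadata text must be passed to printf-style functions as data behind a constant format, and a simple scan can flag tag values that contain conversion specifiers. The names `meta_copy` and `count_conversions` are hypothetical and the tag values are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (kept as a comment so it is never compiled or run):
 *     snprintf(out, n, tag);      // tag is parsed as the format string
 * Any '%' conversion in the tag makes printf consume arguments that were
 * never passed. */

/* Hardened form: the untrusted tag is data, the format is a constant. */
int meta_copy(char *out, size_t n, const char *tag)
{
    return snprintf(out, n, "%s", tag);
}

/* Count '%' conversions in an untrusted string; "%%" is a literal percent. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {
            i++;            /* skip the escaped percent */
            continue;
        }
        hits++;             /* '%' followed by anything else, or trailing */
    }
    return hits;
}

int main(void)
{
    /* Constructed sample tag values, not taken from any real file. */
    const char *tags[] = { "Live at the Olympia", "100%% live", "Track %08x %s" };
    char buf[64];
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        meta_copy(buf, sizeof buf, tags[i]);
        printf("%zu conversion(s): \"%s\"\n", count_conversions(tags[i]), buf);
    }
    return 0;
}
```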
Vendor Status:
VideoLAN has issued an update for this vulnerability.
Patch Availability:
http://www.videolan.org/security/sa0702.html
CVE Information:
CVE-2007-3316
Disclosure Timeline:
* 22 June 2007: Added CVE candidate ID reference
* 17 June 2007: VLC 0.8.6c bugfix release; binaries for Windows and Mac OS X
* 07 June 2007: Source code fixes for VLC 0.8.6b and development tree
* 06 June 2007: Bug reported by David Thiel