Credit:
Michal Luczaj is credited with the discovery of the buffer-overflow vulnerabilities. Luigi Auriemma discovered the format-string vulnerability.
Vulnerable Systems:
* VLC media player 0.8.6d and earlier
VideoLAN VLC media player is prone to multiple remote code-execution vulnerabilities, including multiple buffer-overflow issues and a format-string issue. Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application.
Vendor Status:
VideoLAN has issued an update for these vulnerabilities.
Patch Availability:
http://www.videolan.org/security/sa0801.html
CVE Information:
CVE-2007-6681
CVE-2007-6682
Disclosure Timeline:
* 2 April 2008: VLC 0.8.6f bugfix release
* 27 February 2008: VLC 0.8.6e bugfix release
* 20 January 2008: Source code fixes to the Real RTSP demuxer for VLC 0.8.6d and development tree
* 10 January 2008: Real RTSP demuxer issues published by Luigi Auriemma
* 24 December 2007: Web Interface and Subtitle Demuxer bugs reported by Luigi Auriemma. Source code fixes to these issues for VLC 0.8.6d and development tree