vlc: two code execution flaws

Package(s): vlc
CVE #(s):
Created: February 7, 2013
Updated: February 13, 2013
Description:

From the Videolan advisories [1, 2]:

Summary : Buffer overflows in freetype renderer and HTML subtitle parser

When parsing a specially crafted file, a buffer overflow might occur. If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC or arbitrary code execution.

Summary : Buffer Overflow in ASF Demuxer

When parsing a specially crafted ASF movie, a buffer overflow might occur.

If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player's process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application but this information is not confirmed.

Alerts:
Mageia MGASA-2013-0022 2013-02-06

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds