Oval Definition:oval:org.mitre.oval:def:12840
Revision Date:2014-06-23
Version:20
Title:DSA-2043-1 vlc -- integer overflow
Description:tixxDZ discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport implementation enables an integer underflow and consequently an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code. No Common Vulnerabilities and Exposures project identifier is available for this issue. For the stable distribution, this problem has been fixed in version 0.8.6.h-4+lenny2.3. For the testing distribution, this problem was fixed in version 1.0.1-1. We recommend that you upgrade your vlc packages.
Family:unix
Class:patch
Status:ACCEPTED
Reference(s):DSA-2043-1
Platform(s):Debian GNU/Linux 5.0
Product(s):vlc
Definition Synopsis
  • Debian GNU/Linux 5.0 is installed
  • AND Architecture section
  • libvlc0 DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-nox DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-arts DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR mozilla-plugin-vlc DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-ggi DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR libvlc0-dev DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-jack DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-esd DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-sdl DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR Architecture depended section
  • Installed architecture is i386
  • AND Packages section
  • vlc-plugin-glide DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR vlc-plugin-svgalib DPKG is earlier than 0.8.6.h-4+lenny2.3
  • OR Supported platform section
  • Installed architecture is amd64
  • AND vlc-plugin-svgalib DPKG is earlier than 0.8.6.h-4+lenny2.3