[v2.6] CVE-2013-4388: vlc
Buffer overflow in the mp4a packetizer (modules/packetizer/mpeg4audio.c) in VideoLAN VLC Media Player before 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
•MLIST:[oss-security] 20130930 Re: CVE request: VLC
•URL: http://www.openwall.com/lists/oss-security/2013/10/01/2
•CONFIRM:
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
•CONFIRM: http://www.videolan.org/developers/vlc-branch/NEWS
•OVAL:oval:org.mitre.oval:def:18086
•URL:
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:18086
•SECTRACK:1029120
•URL: http://www.securitytracker.com/id/1029120
(from redmine: issue id 2499, created on 2013-12-16, closed on 2013-12-18)
- Relations:
- parent #2496 (closed)
- Changesets:
- Revision 176ba275 by Natanael Copa on 2013-12-17T15:41:22Z:
main/vlc: security upgrade to 2.0.8 (CVE-2013-4388)
fixes #2499