[v3.0] vlc: multiple issues (CVE-2014-9625, CVE-2014-9626, CVE-2014-9627, CVE-2014-9628, CVE-2014-9629, CVE-2014-9630)
Multiple issues have been found in VLC 2.1.5. The most critical issues are a buffer overflow in the mp4 demuxer and another in the automatic updater. There is no detailed description available at this moment concerning whether previous versions are also vulnerable.
Fixes are available:
Buffer overflow in updater:
CVE-2014-9625: integer truncation caused by a cast to size_t (with
resultant buffer overflow).
https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
Buffer overflow in mp4 demuxer:
CVE-2014-9626: integer underflow.
CVE-2014-9627: integer truncation on 32-bit platforms.
CVE-2014-9628: attacker-triggered zero-size malloc with resultant buffer
overflow.
https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
Potential buffer overflow in Schroedinger Encoder:
CVE-2014-9629: integer overflow with resultant buffer overflow.
https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
Invalid memory access in rtp code:
CVE-2014-9630: stack allocation with an attacker-controlled size.
https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
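The three mp4 demuxer entries above (integer underflow, truncation on 32-bit platforms, zero-size malloc) share one root cause: a declared length reaches the allocator without validation. The following defensive size check for a length-prefixed box is an added illustration, not VLC's code or the linked fix; the 8-byte header layout and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BOX_HEADER_LEN 8u /* assumed layout: 4-byte size + 4-byte type */

/* Check a declared box size against the bytes available and store the
 * payload length in *out. Returns 0 on success, -1 if the box is rejected. */
int box_payload_len(uint64_t declared, size_t avail, size_t *out)
{
    if (declared < BOX_HEADER_LEN)  /* declared - header would wrap around */
        return -1;
    uint64_t payload = declared - BOX_HEADER_LEN;
    /* Compared as 64-bit values before narrowing, so a size that does not
     * fit a 32-bit size_t is rejected here instead of being truncated. */
    if (avail < BOX_HEADER_LEN || payload > avail - BOX_HEADER_LEN)
        return -1;
    if (payload == 0)  /* malloc(0) may return a pointer to no usable storage */
        return -1;
    *out = (size_t)payload;
    return 0;
}

/* Copy one box payload out of buf; returns NULL if the box is rejected. */
uint8_t *box_copy_payload(const uint8_t *buf, size_t avail, uint64_t declared, size_t *len)
{
    size_t n;
    if (box_payload_len(declared, avail, &n) != 0)
        return NULL;
    uint8_t *p = malloc(n);
    if (p == NULL)
        return NULL;
    memcpy(p, buf + BOX_HEADER_LEN, n);
    *len = n;
    return p;
}

int main(void)
{
    const uint8_t box[24] = { 0 }; /* constructed sample: header + 16 bytes */
    size_t len = 0;
    uint8_t *p = box_copy_payload(box, sizeof box, 24, &len);
    int ok = (p != NULL && len == 16);
    free(p);
    return ok ? 0 : 1;
}
```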
References:
http://seclists.org/oss-sec/2015/q1/187
http://seclists.org/oss-sec/2015/q1/193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630
(from redmine: issue id 3871, created on 2015-02-02, closed on 2015-03-20)
- Relations:
- parent #3868 (closed)
- Changesets:
- Revision a3af964a by Natanael Copa on 2015-03-18T11:10:05Z:
main/vlc: security upgrade to 2.1.6
fixes #3871
CVE-2014-9625
CVE-2014-9626
CVE-2014-9627
CVE-2014-9628
CVE-2014-9629
CVE-2014-9630