GitLab

Multiple issues have been found in VLC 2.1.5. The most critical issues are a buffer-overflow in the mp4-demuxer and another in the automatic updater. There is no detailed description available at this moment concerning if previous version are also vulnerable.

Fixes are available:

Buffer overflow in updater:
CVE-2014-9625: integer truncation caused by a cast to size_t (with resultant buffer overflow).

https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14

Buffer overflow in mp4 demuxer:
CVE-2014-9626: integer underflow.
CVE-2014-9627: integer truncation on 32-bit platforms.
CVE-2014-9628: attacker-triggered zero-size malloc with resultant buffer overflow.

https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39

Potential buffer overflow in Schroedinger Encoder:
CVE-2014-9629: integer overflow with resultant buffer overflow.

https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5

Invalid memory access in rtp code:
CVE-2014-9630: stack allocation with an attacker-controlled size.

https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97

References:
http://seclists.org/oss-sec/2015/q1/187
http://seclists.org/oss-sec/2015/q1/193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630

(from redmine: issue id 3872, created on 2015-02-02, closed on 2015-03-20)

• Relations:
  • parent #3868 (closed)
• Changesets:
  • Revision 3a735480 by Natanael Copa on 2015-03-18T11:05:56Z:

main/vlc: security upgrade to 2.1.6

fixes #3872

CVE-2014-9625
CVE-2014-9626
CVE-2014-9627
CVE-2014-9628
CVE-2014-9629
CVE-2014-9630