FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- format string vulnerability and integer overflow

Affected packages
vlc < 0.8.6c

Details

VuXML ID 7128fb45-2633-11dc-94da-0016179b2dd5
Discovery 2007-06-05
Entry 2007-06-18
Modified 2010-05-12

iSEC Partners reports:

VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized variable, and one integer overflow in sampling frequency calculations.

References

CVE Name CVE-2007-3316
CVE Name CVE-2007-3467
CVE Name CVE-2007-3468
URL http://www.isecpartners.com/advisories/2007-001-vlc.txt