漏洞信息详情
VLC媒体播放器MP及Cinepak解码器数组越界访问和内存占用漏洞
- CNNVD编号:CNNVD-200804-353
- 危害等级: 中危
- CVE编号: CVE-2008-1769
- 漏洞类型: 资源管理错误
- 发布时间: 2008-04-25
- 威胁类型: 远程
- 更新时间: 2008-09-05
- 厂 商: videolan
- 漏洞来源: Drew Yao
漏洞简介
VideoLAN VLC media player是法国VideoLAN组织开发的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV, MP3等)等。
VLC 0.8.6f 之前的版本中存在数组越界访问和内存占用漏洞。远程攻击者可以借助特制的Cinepak文件触发数组越界访问和内存占用,导致拒绝服务攻击。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Debian Linux 4.0 amd64
Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-s vn20061012.debian-5.1+etch3_amd64.deb
Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20 061012.debian-5.1+etch3_amd64.deb
Debian mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_ 0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
Debian vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20 061012.debian-5.1+etch3_amd64.deb
Debian vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch3_all.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8 .6-svn20061012.debian-5.1+etch3_all.deb
Debian vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8 .6-svn20061012.debian-5.1+etch3_amd64.deb
Debian vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8. 6-svn20061012.debian-5.1+etch3_amd64.deb
Debian vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8. 6-svn20061012.debian-5.1+etch3_amd64.deb
Debian vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8. 6-svn20061012.debian-5.1+etch3_amd64.deb
Debian vlc_0.8.6-svn20061012.debian-5.1+etch3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn200610 12.debian-5.1+etch3_amd64.deb
Debian wxvlc_0.8.6-svn20061012.debian-5.1+etch3_all.deb
http://security.debian.org/pool/updates/main/v/vlc/wxvlc_0.8.6-svn2006 1012.debian-5.1+etch3_all.deb
Debian Linux 4.0 ia-32
Debian libvlc0-dev_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6-s vn20061012.debian-5.1+etch3_i386.deb
Debian libvlc0_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6-svn20 061012.debian-5.1+etch3_i386.deb
Debian mozilla-plugin-vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_ 0.8.6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-nox_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6-svn20 061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-alsa_0.8.6-svn20061012.debian-5.1+etch3_all.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-alsa_0.8 .6-svn20061012.debian-5.1+etch3_all.deb
Debian vlc-plugin-arts_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8 .6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-esd_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8. 6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-ggi_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8. 6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-glide_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0. 8.6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-sdl_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8. 6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc-plugin-svgalib_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_ 0.8.6-svn20061012.debian-5.1+etch3_i386.deb
Debian vlc_0.8.6-svn20061012.debian-5.1+etch3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6-svn200610 12.debian-5
参考网址
来源: VUPEN
名称: ADV-2008-0985
链接:http://www.vupen.com/english/advisories/2008/0985
来源: GENTOO
名称: GLSA-200804-25
链接:http://security.gentoo.org/glsa/glsa-200804-25.xml
来源: SECUNIA
名称: 29503
链接:http://secunia.com/advisories/29503
来源: MISC
链接:http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=cf489d7bff3c1b36b2d5501ecf21129c78104d98
来源: MISC
链接:http://bugs.gentoo.org/show_bug.cgi?id=214627#c3
来源: www.videolan.org
链接:http://www.videolan.org/security/sa0803.php
来源: www.videolan.org
链接:http://www.videolan.org/developers/vlc/NEWS
来源: BID
名称: 28904
链接:http://www.securityfocus.com/bid/28904
来源: wiki.videolan.org
链接:http://wiki.videolan.org/Changelog/0.8.6f
来源: SECUNIA
名称: 29800
链接:http://secunia.com/advisories/29800
受影响实体
- Videolan Vlc:0.8.6e
- Videolan Vlc:0.8.6d
- Videolan Vlc:0.8.6c
- Videolan Vlc:0.8.6b
- Videolan Vlc:0.8.6a
补丁
暂无
评论