Remi Denis-Courmont
2008-Oct-19 13:18 UTC
[Secure-testing-team] Bug#502726: libty_plugin: vlc: exploitable buffer overflow in TY demux
Package: vlc-nox Version: 0.8.6.h-4 Severity: grave File: libty_plugin Tags: security Justification: user security hole VLC versions 0.8.2 through 0.9.4 are prone to an exploitable stack-based buffer overflow in the TY (TiVo) file parser. See also http://www.videolan.org/security/sa0809.html N.B.: please give me the CVE ID if you allocate one. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (100, ''unstable''), (100, ''testing'') Architecture: i386 (i686) Kernel: Linux 2.6.27 (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages vlc-nox depends on: ii liba52-0.7.4 0.7.4-11 library for decoding ATSC A/52 str ii libasound2 1.0.16-2 ALSA library ii libavahi-client3 0.6.23-2 Avahi client library ii libavahi-common3 0.6.23-2 Avahi common library ii libavc1394-0 0.5.3-1+b1 control IEEE 1394 audio/video devi ii libavcodec51 0.svn20080206-14 ffmpeg codec library ii libavformat52 0.svn20080206-14 ffmpeg file format library ii libavutil49 0.svn20080206-14 ffmpeg utility library ii libc6 2.7-15 GNU C Library: Shared libraries ii libcdio7 0.78.2+dfsg1-3 library to read and control CD-ROM ii libdbus-1-3 1.2.1-3 simple interprocess messaging syst ii libdvbpsi4 0.1.5-3.1 library for MPEG TS and DVB PSI ta ii libdvdnav4 4.1.2-3 DVD navigation library ii libdvdread3 0.9.7-11 library for reading DVDs ii libebml0 0.7.7-3.1 access library for the EBML format ii libfaad0 2.6.1-3.1 freeware Advanced Audio Decoder - ii libflac8 1.2.1-1.2 Free Lossless Audio Codec - runtim ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib ii libfribidi0 0.10.9-1 Free Implementation of the Unicode ii libgcc1 1:4.3.2-1 GCC support library ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr ii libgnutls26 2.4.2-1 the GNU TLS library - runtime libr ii libhal1 0.5.11-5 Hardware Abstraction Layer - share ii libid3tag0 0.15.1b-10 ID3 tag reading library from the M ii libiso9660-5 0.78.2+dfsg1-3 library to work with ISO9660 files ii liblircclient0 0.8.3-3 infra-red remote control support - ii libmad0 0.15.1b-3 MPEG audio decoder library ii libmatroska0 0.8.1-1.1 extensible open standard audio/vid ii libmodplug0c2 1:0.8.4-2 shared libraries for mod music bas ii libmpcdec3 1.2.2-1 Musepack (MPC) format library ii libmpeg2-4 0.4.1-3 MPEG1 and MPEG2 video decoder libr ii libncurses5 5.6+20081011-1 shared libraries for terminal hand ii libogg0 1.1.3-4 Ogg Bitstream Library ii libpng12-0 1.2.27-2 PNG library - runtime ii libpostproc51 0.svn20080206-14 ffmpeg video postprocessing librar ii libraw1394-8 1.3.0-4 library for direct access to IEEE ii libsmbclient 2:3.2.3-3 shared library that allows applica ii libspeex1 1.2~rc1-1 The Speex codec runtime library ii libstdc++6 4.3.2-1 The GNU Standard C++ Library v3 ii libsysfs2 2.1.0-5 interface library to sysfs ii libtheora0 1.0~beta3-1 The Theora Video Compression Codec ii libtwolame0 0.3.12-1 MPEG Audio Layer 2 encoding librar ii libvcdinfo0 0.7.23-4 library to extract information fro ii libvlc0 0.8.6.h-4 multimedia player and streamer lib ii libvorbis0a 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi ii libvorbisenc2 1.2.0.dfsg-3.1 The Vorbis General Audio Compressi ii libxml2 2.6.32.dfsg-4 GNOME XML library ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime vlc-nox recommends no packages. vlc-nox suggests no packages. -- no debconf information