FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vlc -- cue processing stack overflow

Affected packages
vlc < 0.8.6.i_2,2
vlc-devel < 0.9.6,3

Details

VuXML ID 4b09378e-addb-11dd-a578-0030843d3802
Discovery 2008-11-05
Entry 2008-11-08
Modified 2010-05-02

The VLC Team reports:

The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player.

References

CVE Name CVE-2008-5032
CVE Name CVE-2008-5036
URL http://www.trapkit.de/advisories/TKADV2008-012.txt
URL http://www.videolan.org/security/sa0810.html