Hi Remi, * Remi Denis-Courmont <[EMAIL PROTECTED]> [2008-10-19 17:44]: > VLC versions 0.8.2 through 0.9.4 are prone to an exploitable > stack-based buffer overflow in the TY (TiVo) file parser. > > See also http://www.videolan.org/security/sa0809.html
Are you sure that 0.8.6.h-4 in unstable is affected? Looking at http://git.videolan.org/?p=vlc.git;a=blob;f=modules/demux/ty.c;h=65a408f67a363747f7308a8a858a6dad50e54e67;hb=26d92b87bba99b5ea2e17b7eaa39c462d65e9133 the overflow happens because of the integer conversion in 8 + i_map_size or if i_map_size + 8 exceeds mst_buf. I had a look at the code in 0.8.6.h-4 and didn't see something similar. Only static size reads with correct sizes. Can you confirm that this does not affect 0.8.6.h-4 and if not, what do I miss? > N.B.: please give me the CVE ID if you allocate one. I requested one and will forward it to you. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]