Public bug reported:

Binary package hint: vlc

This is a security problem. VLC media player CDDA (CD Digital Audio) and VCDX (Video CD) plugins are prone to a C-style format string vulnerability when trying to open a media resource location. The bug occurs when handling error and debug messages from the underlying library libcdio. Because the VCDX plugin probes every media resource location unless another plugin successfully opened the resource, almost any invalid location can trigger the bug.

See http://www.videolan.org/sa0701.html for further information and patch.

It is referenced under CVE-2007-0017, VideoLAN-SA-0701, MOAB-02-01-2007

** Affects: vlc (Ubuntu)
     Importance: Undecided
         Status: Unconfirmed

** This bug has been flagged as a security issue

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0017

--
URL format string injection in CDDA and VCDX plugins
https://launchpad.net/bugs/78610

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
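
The bug class this report describes, as an added example that is not part of the original report and is not VLC or libcdio code: a log callback that uses library-supplied text as the format string, beside the constant-format form. The names `msg_sink`, `log_cb_unsafe`, `log_cb_safe` and `count_directives` are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style sink, standing in for a player's logging API. */
static int msg_sink(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: library text (which embeds the location) is the format. */
static int log_cb_unsafe(char *out, size_t cap, const char *lib_msg)
{
    return msg_sink(out, cap, lib_msg);
}

/* Corrected pattern: constant format string, message passed as data. */
static int log_cb_safe(char *out, size_t cap, const char *lib_msg)
{
    return msg_sink(out, cap, "%s", lib_msg);
}

/* Audit helper: count conversion directives; "%%" is a literal percent. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s == '%' && s[1] == '%')
            s++;                      /* skip the escaped percent sign */
        else if (*s == '%' && s[1] != '\0')
            n++;
    }
    return n;
}

int main(void)
{
    char a[64], b[64];
    const char *msg = "open failed: cdda://50%%";  /* constructed sample */
    log_cb_unsafe(a, sizeof a, msg);  /* "%%" collapses: parsed as a format */
    log_cb_safe(b, sizeof b, msg);    /* text preserved byte for byte */
    printf("unsafe: %s\nsafe:   %s\ndirectives: %d\n", a, b, count_directives(msg));
    return 0;
}
```

The sample uses only `%%`, which consumes no arguments, so the difference between the two callbacks is visible without undefined behaviour.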