Public bug reported:

Binary package hint: vlc

From:
http://www.videolan.org/sa0702.html

Affected versions:
VLC media player 0.8.6b and earlier

Details:
VLC media player Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio) and SAP 
(Service Announce Protocol) plugins are prone to a C-style format string 
vulnerability when trying to parse a media data stream.

Valid but carefully crafted .ogg (Vorbis) or .ogm (Theora) files, CDDB
entries or SAP/SDP messages can trigger the bug. We therefore consider
this bug to have a high severity.

Impact:
If successful, a malicious third party could use this vulnerability to execute 
arbitrary code within the context of VLC media player (i.e. acquire local user 
privileges on the vulnerable system), or crash the player instance.

For the complete security advisory, please visit
http://www.videolan.org/sa0702.html

Although VLC is part of Universe, fixed packages would be greatly
appreciated.

** Affects: vlc (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
[VLC] Format string injection in Vorbis, Theora, SAP and CDDA plugins
https://bugs.launchpad.net/bugs/121511
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
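
The bug class named in the report above, shown as an added example (not VLC's code and not part of the original report): a printf-style wrapper receiving untrusted stream metadata as its format string, next to the constant-format fix and a small triage check. All function names and the sample tag are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger, standing in for any variadic wrapper. */
void log_fmt(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: untrusted metadata becomes the format string, so any
 * '%' directive in it makes vsnprintf consume arguments never passed.
 * Defined for comparison only; it is not called below. */
void show_title_unsafe(char *out, size_t n, const char *title)
{
    log_fmt(out, n, title);
}

/* Hardened pattern: constant format, metadata handled purely as data. */
void show_title_safe(char *out, size_t n, const char *title)
{
    log_fmt(out, n, "%s", title);
}

/* Triage helper: count conversion directives in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
size_t count_directives(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        hits++;
    }
    return hits;
}

int main(void)
{
    const char *title = "Track %x %x 100%% %n"; /* constructed sample tag */
    char buf[64];
    show_title_safe(buf, sizeof buf, title);
    printf("%s (directives: %zu)\n", buf, count_directives(title));
    return 0;
}
```

Because log_fmt carries no format attribute, the compiler has no way to flag the unsafe call; declaring such wrappers with `__attribute__((format(printf, 3, 4)))` lets GCC's -Wformat-security report it at build time.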
