VLC 2.0.8 Buffer Overflow

2013.10.01
Credit: Laurent Butti
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

mp4a packetizer: fix buffer overflow author Rafal Carr <funman@videolan.org> Sat, 24 Aug 2013 22:10:31 +0200 (22:10 +0200) committer Rafal Carr <funman@videolan.org> Sat, 24 Aug 2013 22:10:47 +0200 (22:10 +0200) modules/packetizer/mpeg4audio.c patch | blob | history diff --git a/modules/packetizer/mpeg4audio.c b/modules/packetizer/mpeg4audio.c index aaad221..c951295 100644 (file) --- a/modules/packetizer/mpeg4audio.c +++ b/modules/packetizer/mpeg4audio.c @@ -804,8 +804,11 @@ static int LOASParse(decoder_t *p_dec, uint8_t *p_buffer, int i_buffer) continue; /* FIXME that's slow (and a bit ugly to write in place) */ - for (int i = 0; i < pi_payload[i_program][i_layer]; i++) + for (int i = 0; i < pi_payload[i_program][i_layer]; i++) { + if (i_accumulated >= i_buffer) + return 0; p_buffer[i_accumulated++] = bs_read(&s, 8); + } } } } else {

References:

http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
http://www.videolan.org/developers/vlc-branch/NEWS
http://seclists.org/oss-sec/2013/q4/1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top