Debian Bug report logs - #489004
vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing

version graph

Package: vlc; Maintainer for vlc is Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>; Source for vlc is src:vlc.

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 2 Jul 2008 17:21:07 UTC

Severity: grave

Tags: patch, security

Fixed in version vlc/0.8.6.h-1

Done: Christophe Mutricy <xtophe@videolan.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#489004; Package vlc. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: vlc: CVE-2008-2430 heap overflow in wav fmt chunk parsing
Date: Wed, 2 Jul 2008 19:18:47 +0200
[Message part 1 (text/plain, inline)]
Package: vlc
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for vlc.

CVE-2008-2430[0]:
| The vulnerability is caused due to an integer overflow error within the
| "Open()" function in "modules/demux/wav.c". This can be exploited to cause a
| heap-based buffer overflow via a specially crafted WAV file having an overly
| large "fmt" chunk.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Note that this is not yet on the mitre site, in the meantime see:
http://secunia.com/advisories/30601/

Patch should be: http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff_plain;h=3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2430
    http://security-tracker.debian.net/tracker/CVE-2008-2430

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Christophe Mutricy <xtophe@videolan.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 489004-close@bugs.debian.org (full text, mbox):

From: Christophe Mutricy <xtophe@videolan.org>
To: 489004-close@bugs.debian.org
Subject: Bug#489004: fixed in vlc 0.8.6.h-1
Date: Sun, 06 Jul 2008 09:32:10 +0000
Source: vlc
Source-Version: 0.8.6.h-1

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive:

libvlc0-dev_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/libvlc0-dev_0.8.6.h-1_i386.deb
libvlc0_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/libvlc0_0.8.6.h-1_i386.deb
mozilla-plugin-vlc_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-1_i386.deb
vlc-nox_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-nox_0.8.6.h-1_i386.deb
vlc-plugin-arts_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-arts_0.8.6.h-1_i386.deb
vlc-plugin-esd_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-esd_0.8.6.h-1_i386.deb
vlc-plugin-ggi_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-ggi_0.8.6.h-1_i386.deb
vlc-plugin-glide_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-glide_0.8.6.h-1_i386.deb
vlc-plugin-jack_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-jack_0.8.6.h-1_i386.deb
vlc-plugin-sdl_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-sdl_0.8.6.h-1_i386.deb
vlc-plugin-svgalib_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-1_i386.deb
vlc_0.8.6.h-1.diff.gz
  to pool/main/v/vlc/vlc_0.8.6.h-1.diff.gz
vlc_0.8.6.h-1.dsc
  to pool/main/v/vlc/vlc_0.8.6.h-1.dsc
vlc_0.8.6.h-1_i386.deb
  to pool/main/v/vlc/vlc_0.8.6.h-1_i386.deb
vlc_0.8.6.h.orig.tar.gz
  to pool/main/v/vlc/vlc_0.8.6.h.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 489004@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christophe Mutricy <xtophe@videolan.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 05 Jul 2008 23:45:15 +0100
Source: vlc
Binary: vlc vlc-nox libvlc0 libvlc0-dev vlc-plugin-esd vlc-plugin-sdl vlc-plugin-ggi vlc-plugin-glide vlc-plugin-arts mozilla-plugin-vlc vlc-plugin-svgalib vlc-plugin-jack
Architecture: source i386
Version: 0.8.6.h-1
Distribution: unstable
Urgency: high
Maintainer: Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Christophe Mutricy <xtophe@videolan.org>
Description: 
 libvlc0    - multimedia player and streamer library
 libvlc0-dev - development files for VLC
 mozilla-plugin-vlc - multimedia plugin for web browsers based on VLC
 vlc        - multimedia player and streamer
 vlc-nox    - multimedia player and streamer (without X support)
 vlc-plugin-arts - aRts audio output plugin for VLC
 vlc-plugin-esd - Esound audio output plugin for VLC
 vlc-plugin-ggi - GGI video output plugin for VLC
 vlc-plugin-glide - Glide video output plugin for VLC
 vlc-plugin-jack - Jack audio plugins for VLC
 vlc-plugin-sdl - SDL video and audio output plugin for VLC
 vlc-plugin-svgalib - SVGAlib video output plugin for VLC
Closes: 477543 477545 489004
Changes: 
 vlc (0.8.6.h-1) unstable; urgency=high
 .
   [ Christophe Mutricy ]
   * Acknowledge NMU by Nico Golde. Thanks.
   * Acknowledge NMU by Mike Hommey. Thanks.
   * New security upstrem release
     - Fix buffer overflow (CVE-2008-1881)
     - Fix out of bound array access (CVE-2008-1769)
     - Fix various integer overflow in MP4 demuxer, Cinepak, RTSP
       (CVE-2008-1489, CVE-2008-1768)
     - Remove 105_min_mkv.patch, 400-CVE-2008-1489.diff and
       401-CVE-2008-0073.diff, 402-CVE-2008-1881, 403-CVE-2008-1768.diff
       and 404-CVE-2008-1881 integrated upstream
   * Remove old transitional packages: vlc-plugin-alsa and wxvlc
     (Closes: #477543, #477545)
   * Add some magic for reportbug to ask people to remove their plugin cache
     and get the info for vlc-nox and libvlc0 also.
 .
   [ Reinhard Tartler ]
   * added a watch file
   * new upstream release, refreshing patches
 .
   [ Christophe Mutricy ]
   * Fix buffer overflow in Wav demux.(CVE-2008-2430)(Closes: #489004)
     (Patch taken from upstream: 401-CVE-2008-2430.diff)
Checksums-Sha1: 
 c358fb87bff9de7322f49bc2b29c053c57b7d3d8 3188 vlc_0.8.6.h-1.dsc
 829b2599a9188254d1c109be377b4a9c18e14482 16977154 vlc_0.8.6.h.orig.tar.gz
 2c24a5d577b543ada22c1d184ff29e0284b6d4a1 40431 vlc_0.8.6.h-1.diff.gz
 5cbfa28ae4318e65847d92091f889a971d67e81d 1084776 vlc_0.8.6.h-1_i386.deb
 d5d2ccf6994ffa5559c931b65562e75612085a51 4977888 vlc-nox_0.8.6.h-1_i386.deb
 f55515ca1c569d34526b04dc9aedf645588c289e 462634 libvlc0_0.8.6.h-1_i386.deb
 5722ae8e73ed7b3f5e159b963270ede73b5228c8 479660 libvlc0-dev_0.8.6.h-1_i386.deb
 198f8c001f9ceaf5bd2bea0c72f2bb76d13dcf08 5236 vlc-plugin-esd_0.8.6.h-1_i386.deb
 78d0d0f4bb75de68488e63296478dcab13ed9466 11098 vlc-plugin-sdl_0.8.6.h-1_i386.deb
 27848cec3079a2f7cb380b709965560a2b5f106d 6110 vlc-plugin-ggi_0.8.6.h-1_i386.deb
 269e4d28177c46366a2f3e8c23d8dae2b53161d1 4242 vlc-plugin-glide_0.8.6.h-1_i386.deb
 209226aef44893f5dd798da8004758066a2abc4d 4368 vlc-plugin-arts_0.8.6.h-1_i386.deb
 52bf4f8ce98ae17be705b2765b65800a61368bd3 36988 mozilla-plugin-vlc_0.8.6.h-1_i386.deb
 0b1f9d01040b0e45c139227624c27ff3cc626e83 4834 vlc-plugin-svgalib_0.8.6.h-1_i386.deb
 3d431c2ee02a25350b2c64ced0cb53d01011cc06 5130 vlc-plugin-jack_0.8.6.h-1_i386.deb
Checksums-Sha256: 
 bee90383c2b59208e6fe4a58b149217efe56744612fb507a60093d645a86536b 3188 vlc_0.8.6.h-1.dsc
 92a998f2ca53b77610c608436b2e8d991442742f25793c136cb4ee095eec1eff 16977154 vlc_0.8.6.h.orig.tar.gz
 faa0d6320907c5461c27f24e4b058247d2a4202d986b1b07f1bfc1642429edd7 40431 vlc_0.8.6.h-1.diff.gz
 a29202656689e16a58ac8744b6998c44dbddf77f28c62d5c1838b2de5ef6e9d4 1084776 vlc_0.8.6.h-1_i386.deb
 0feaca491e8b31f8abc14aa50d5349d0a491f1e76abee5b8c2f0814efe816f79 4977888 vlc-nox_0.8.6.h-1_i386.deb
 ab45506ffe62ad4ae90d0db8f7559bcd0baa25e1f6a8b52fa8e89f82913760f6 462634 libvlc0_0.8.6.h-1_i386.deb
 03042f82b87e2ded477b4798807ff7e0a6acacd44a36cb26a778ec5041f62c56 479660 libvlc0-dev_0.8.6.h-1_i386.deb
 15fb4ce746e7350b31b248a2bc4d33905bc57b39ebaa58ad71484e63a4992748 5236 vlc-plugin-esd_0.8.6.h-1_i386.deb
 79816cd6fefba13cd5f7d1d320adc5b2214103794ce40d07794ad581085ebf17 11098 vlc-plugin-sdl_0.8.6.h-1_i386.deb
 138e5325e26dde39c7ea052a019c99203e71b08213adce80700d736d9723ce09 6110 vlc-plugin-ggi_0.8.6.h-1_i386.deb
 296a8153eb1f4faa3ca62b3212af54b4b1931dd12422cc7661525e761be59802 4242 vlc-plugin-glide_0.8.6.h-1_i386.deb
 f18be8ac2fd5a53c81e3957ff4048201b8f682c1319e4a5a6e63c3ce794ac5d3 4368 vlc-plugin-arts_0.8.6.h-1_i386.deb
 361ed47f669dcd6ba8cd39eadb1e61a21fbc305f9d97292ecb0b25b45c315004 36988 mozilla-plugin-vlc_0.8.6.h-1_i386.deb
 32e79eb7e625ac17ce0494fbe2c99f4ddad16fe2535e37a95e9b5ea6941baf01 4834 vlc-plugin-svgalib_0.8.6.h-1_i386.deb
 418096a1af1c9ff0ac9c5fade98f684e34f2d73c884752dceecb2219e6388a13 5130 vlc-plugin-jack_0.8.6.h-1_i386.deb
Files: 
 8acb2da2020041b922baa4646e937bc6 3188 graphics optional vlc_0.8.6.h-1.dsc
 9b3e15802b482cb12e79d2eb8cc4ea98 16977154 graphics optional vlc_0.8.6.h.orig.tar.gz
 5a42290595108f7f66f761a0e31db519 40431 graphics optional vlc_0.8.6.h-1.diff.gz
 35ba1c1c807a636a37e3075b50e25a77 1084776 graphics optional vlc_0.8.6.h-1_i386.deb
 3dd3563ae7c5abc437e0e95dcbb2cf4e 4977888 net optional vlc-nox_0.8.6.h-1_i386.deb
 072abe0f268d30c3fc47362f73d476bf 462634 libs optional libvlc0_0.8.6.h-1_i386.deb
 7bfc0663153343eae0452851e335ab04 479660 libdevel optional libvlc0-dev_0.8.6.h-1_i386.deb
 991b12e42c0b682d8fea40e8afbac7a6 5236 graphics optional vlc-plugin-esd_0.8.6.h-1_i386.deb
 90f341f4abd581696247a7d6ff97c996 11098 graphics optional vlc-plugin-sdl_0.8.6.h-1_i386.deb
 4fc24e77738d381743085029fd9d09db 6110 graphics optional vlc-plugin-ggi_0.8.6.h-1_i386.deb
 5788cf6d7b1b0eaeb23797e486d0a741 4242 graphics optional vlc-plugin-glide_0.8.6.h-1_i386.deb
 17964faea146bf8cab1dcf9e74db3c75 4368 graphics optional vlc-plugin-arts_0.8.6.h-1_i386.deb
 ba475f888b232989d0e51d494bd7e042 36988 graphics optional mozilla-plugin-vlc_0.8.6.h-1_i386.deb
 d48f8000dcace5bec9fa09b52d438ea3 4834 graphics optional vlc-plugin-svgalib_0.8.6.h-1_i386.deb
 347b4331ef409ed80e1a9dd658599417 5130 graphics optional vlc-plugin-jack_0.8.6.h-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian Powered!

iQCVAwUBSHCOVO/EQKAAafKPAQJ3rgP/Td6AqFnv3ZPg/D+enSle7PXI8X/Q8YUk
q99hSBktSdLvCIgRNvHfKedNcf4rcTy2JzyoD7UAQagHhzfh0B5jGCxdfRRlpWeQ
EEsTJyW+hSbnX+9ni0QJ0RkB8nWt0wROT3K/A2UIu5WKU4P+L/AQEs/wEIKwQfcs
2KBlxhBqhuw=
=vQXg
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Aug 2008 07:26:40 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 04:19:59 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.