Full Disclosure mailing list archives

By Date By Thread VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) From: Veysel hataş <vhatas () gmail com>

Date: Fri, 16 Jan 2015 14:28:45 +0200

Title : VLC Player 2.1.5 DEP Access Violation Vulnerability Discoverer: Veysel HATAS (@muh4f1z) Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Not Fixed Severity : High CVE ID : CVE-2014-9597 OSVDB ID : 116450 <http://osvdb.org/show/osvdb/116450> VLC Ticket : 13389 <https://trac.videolan.org/vlc/ticket/13389> Discovered : 24 November 2014 Reported : 26 December 2014 Published : 9 January 2015 windbglog : https://trac.videolan.org/vlc/attachment/ticket/13389/windbglog.txt <https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt> Description : VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted FLV file <http://www.datafilehost.com/d/9565165f>. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. --------------------------------------------------------------------------------------------------------------------------------------------- Title : VLC Player 2.1.5 Write Access Violation Vulnerability Discoverer: Veysel HATAS (@muh4f1z) Web page : www.binarysniper.net Vendor : VideoLAN VLC Project Test: Windows XP SP3 Status: Not Fixed Severity : High CVE ID : CVE-2014-9598 OSVDB ID : 116451 <http://osvdb.org/show/osvdb/116451> VLC Ticket : 13390 <https://trac.videolan.org/vlc/ticket/13390> Discovered : 24 November 2014 Reported : 26 December 2014 Published : 9 January 2015 windbglog : https://trac.videolan.org/vlc/attachment/ticket/13390/windbglog.txt Description : VLC Media Player contains a flaw that is triggered as user-supplied input is not properly sanitized when handling a specially crafted M2V file <http://www.datafilehost.com/d/11daf208>. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597) Veysel hataş (Jan 18)