lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20080317183525.3a7ce72f.aluigi@autistici.org>
Date: Mon, 17 Mar 2008 18:35:25 +0100
From: Luigi Auriemma <aluigi@...istici.org>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: VLC highlander bug


The old buffer-overflow in the subtitles handled by VLC has not been
fully patched in version 0.8.6e, in fact buffer_text2 in ParseSSA is
still unchecked:

    if( sscanf( s,
      "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]",
      buffer_text2,

The funny thing is that my old proof-of-concept was built just to test
this specific buffer-overflow and in fact it works on the new VLC version
too without modifications 8-)

Instead the SVN version was and is patched from 10 months as I wrote in
my old advisory:

  http://aluigi.org/adv/vlcboffs-adv.txt


--- 
Luigi Auriemma
http://aluigi.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ