Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19429
HistoryMar 17, 2008 - 12:00 a.m.

VLC highlander bug

2008-03-1700:00:00
vulners.com
80

The old buffer-overflow in the subtitles handled by VLC has not been
fully patched in version 0.8.6e, in fact buffer_text2 in ParseSSA is
still unchecked:

if( sscanf( s,
  "Dialogue: %[^,],%d:%d:%d.%d,%d:%d:%d.%d,%81920[^\r\n]",
  buffer_text2,

The funny thing is that my old proof-of-concept was built just to test
this specific buffer-overflow and in fact it works on the new VLC version
too without modifications 8-)

Instead the SVN version was and is patched from 10 months as I wrote in
my old advisory:

http://aluigi.org/adv/vlcboffs-adv.txt


Luigi Auriemma
http://aluigi.org