Debian DSA-2043-1 : vlc - integer overflow

high Nessus Plugin ID 46314

Synopsis

The remote Debian host is missing a security-related update.

Description

tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's real data transport (RDT) implementation enables an integer underflow and, consequently, an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.

No Common Vulnerabilities and Exposures project identifier is available for this issue.

Solution

Upgrade the vlc packages.

For the stable distribution (lenny), this problem has been fixed in version 0.8.6.h-4+lenny2.3.

See Also

https://www.debian.org/security/2010/dsa-2043

Plugin Details

Severity: High

ID: 46314

File Name: debian_DSA-2043.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/12/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:vlc, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 5/11/2010

Reference Information

DSA: 2043