FreeBSD : vlc -- cue processing stack overflow (4b09378e-addb-11dd-a578-0030843d3802)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The VLC Team reports :

The VLC media player contains a stack overflow vulnerability while
parsing malformed cue files. The vulnerability may be exploited by a
(remote) attacker to execute arbitrary code in the context of VLC
media player.

See also :

http://www.videolan.org/security/sa0810.html
http://www.trapkit.de/advisories/TKADV2008-012.txt
http://www.nessus.org/u?3955db7e

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34723 (freebsd_pkg_4b09378eaddb11dda5780030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5032
CVE-2008-5036

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now