Home page logo

oss-sec logo oss-sec mailing list archives

VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023)
From: Sean Amoss <ackle () gentoo org>
Date: Mon, 29 Oct 2012 14:27:20 -0400

Steve, MITRE, vendors:

It appears that there may be two CVE's for the same issue:

CVE-2011-5231 - Double free vulnerability in the get_chunk_header
function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0
through 1.1.12 allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.


References to http://www.videolan.org/security/sa1108.html


CVE-2012-0023 - Buffer overflow in VLC TiVo demuxer

CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/12

References http://www.videolan.org/security/sa1108.html in assignment above

Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail    : ackle () gentoo org
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A

Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]