oss-sec mailing list archives
CVE-2014-6440: Heap Overflow in VLC Transcode Module
From: Bill Blough <devel () blough us>
Date: Wed, 4 Mar 2015 20:45:33 -0500
Executive Summary
-----------------
VLC versions before 2.1.5 contain a vulnerability in the transcode module that
may allow a corrupted stream to overflow buffers on the heap. With a
non-malicious input, this could lead to heap corruption and a crash. However,
under the right circumstances, a malicious attacker could potentially use this
vulnerability to hijack program execution, and on some platforms, execute
arbitrary code.
Remediation
-----------
Prior to being notified of this issue, the VLC team had already made changes to
the 2.2 development branch [0][1][2] that corrects this issue by reinitilizing
the filters when a format change is detected. However, the fixes had not yet
been backported to the 2.1 maintenance branch.
Once notified, the VLC team quickly resolved the issue by backporting the
relevant patches to the maintenance branch [3][4][5]. They also added an
additional check on both the development[6] and maintenance[7] branches for
good measure.
CVE-2014-6440 [8] was assigned to this issue.
Timeline
--------
2014-04-18: VLC team notified of issue
2014-04-19: Fixed in VLC repository
2014-07-06: VLC 2.1.5 maintenance release
A more detailed writeup can be found on my blog [9].
Please note, I am not subscribed to the list, so please CC me if you reply.
Bill
[0]: http://git.videolan.org/?p=vlc.git;a=commit;h=a3a150b91f09620dc0d81c22db591a20faf4b2a5
[1]: http://git.videolan.org/?p=vlc.git;a=commit;h=39a99d25872f64dacd470fda86ba2193a55cda52
[2]: http://git.videolan.org/?p=vlc.git;a=commit;h=26989ea2d98380eef28843ffa8ca490e8f9d6dae
[3]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=28bd6670a26bf88c2523b7302e2c22f8ca210bb7
[4]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=feca6658b4b84b4bc8b7a08431e811813277d31b
[5]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=e40a4a1a54be2b69e4e001451f0dd91f3857a976
[6]: http://git.videolan.org/?p=vlc.git;a=commit;h=a113b849e428b71813a569021bd10d6974f6621f
[7]: http://git.videolan.org/?p=vlc/vlc-2.1.git;a=commit;h=a5bee4c5cf0c8fca0d1ddaf570aeebc78e824b15
[8]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440
[9]: http://billblough.net/blog/2015-03-04-cve-2014-6440-heap-overflow-in-vlc-transcode-module
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE-2014-6440: Heap Overflow in VLC Transcode Module Bill Blough (Mar 04)
