Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. CVE-2008-1769 Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. CVE-2008-1881 Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. CVE-2008-2147 It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. CVE-2008-2430 Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. CVE-2008-3794 Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. CVE-2008-4686 Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. CVE-2008-5032 Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. For the oldstable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3. For the stable distribution (lenny), these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.8.6.h-5. We recommend that you upgrade your vlc packages.
Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems:
Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code.
Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file.
Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file.
It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations.
Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk.
Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link.
Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file.
Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.
For the oldstable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch4.
For the stable distribution (lenny), these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.8.6.h-5.
We recommend that you upgrade your vlc packages.
MD5 checksums of the listed files are available in the original advisory.