20 June 2007, 17:32

VideoLAN executes code from media files

The developers of the open-source VideoLAN Client (VLC) software have released Version 0.8.6c, which eliminates some vulnerabilities when playing back crafted media files. They explain in a security report that the support modules for the formats Ogg Vorbis and Theora, CD Digital Audio (CDDA) and for the Service Announce Protocol (SAP), contain so-called format string vulnerabilities.

This can allow crafted .ogg/.ogm files, crafted CDDB entries and, for example, network packets in the Service Announce Protocol/Service Discovery Protocol sent to the broadcast address of a local net, to inject malicious program code, which can then be executed with user privileges. The VLC programmers therefore classify the vulnerabilities as critical and recommend updating the installed version with the current Version 0.8.6c.

Channels

Services

VideoLAN executes code from media files

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit