Candidate: CVE-2009-1045
PublicDate: 2009-03-23 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1045
Description:
 requests/status.xml in VLC 0.9.8a allows remote attackers to cause a
 denial of service (stack consumption and crash) via a long input argument
 in an in_play action.
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://www.milw0rm.com/exploits/8213
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522170
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_vlc:
 upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=abc867adb981772703c5d33711736f531a4551b4
upstream_vlc: released (0.9.9)
dapper_vlc: ignored (reached end-of-life)
gutsy_vlc: needed (reached end-of-life)
hardy_vlc: not-affected (0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.2)
intrepid_vlc: released (0.9.4-1ubuntu3.2)
jaunty_vlc: not-affected (0.9.9a-2ubuntu1)
karmic_vlc: not-affected (1.0.0~rc2-1ubuntu1)
devel_vlc: not-affected (1.0.0~rc2-1ubuntu1)