CVE-2009-1045
Published: 23 March 2009
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
Notes
Author | Note |
---|---|
mdeslaur | PoC: http://www.milw0rm.com/exploits/8213 |
Priority
Status
Package | Release | Status |
---|---|---|
vlc Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(0.8.6.release.e+x264svn20071224+faad2.6.1-0ubuntu3.2)
|
|
intrepid |
Released
(0.9.4-1ubuntu3.2)
|
|
jaunty |
Not vulnerable
(0.9.9a-2ubuntu1)
|
|
karmic |
Not vulnerable
(1.0.0~rc2-1ubuntu1)
|
|
upstream |
Released
(0.9.9)
|
|
Patches: upstream: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=abc867adb981772703c5d33711736f531a4551b4 |